Painless Scripted Field

Beuhlet_Reseau · September 11, 2017, 12:44pm

Hello,

I can't make it work my scripted painless field.

Here some lines example :

xxx|code_z|octets|xxx|xxx
  X|11|500|X|X
  X|12|40|X|X
  X|13|5|X|X
  X|14,4|240|X|X

11,12,13,14 => Same zone but she has différents codes. (all of these codes form the primary zone)
500,40,5,240 => Octets use

So, i want create graphic with the total octets (here 500 + 40 + 5 + 240 = 785) by zone

I thought this :

if (doc['code_z'].value == '11' || doc['code_z'].value == '12' || doc['code_z'].value == '13'  || doc['code_z'].value == '14,4' ) {
 return doc['octets'].value
}
return 0

But it's doesn't work Look at this blank graph ...:

I know that is very difficult.

Bargs · September 11, 2017, 8:42pm

Instead of returning the octets value in your script, return some unique identifier for the zone that the conditional matches. Then on your visualization's x-axis you can do a terms agg on the scripted field which will get you the split by zone. The y-axis metric would be a simple sum aggregation on the octets field.

Beuhlet_Reseau · September 12, 2017, 9:07am

Humm, i don't understand.

how can do that ?

I want the sum of the bytes on a single curve for the set of chosen codes

Beuhlet_Reseau · September 12, 2017, 9:33am

I have an early solution @Bargs . Directly in kibana visualize :

Sum of octets (X-axis), timestamp on Y-axis and split series by terms (so this is codes zones : z_code).
You can see that my graph is split into multiple curve (because it's have many code) :

Now, i Use json filter :

{
  "query": {
    "constant_score": {
      "filter": {
        "match": {
          "z_code": "14"
        }
      }
    }
  },
  "aggs": {
    "sumcustom": {
      "sum": {
        "field": "AmountVol"
      }
    }
  }
}

So, i have configure only one z_code field, so want add multiple z_code at my json but i don't how to make that . Here ma graph with json filter :

So, how to add multiple z_code at my json filter ? :

{
      "query": {
        "constant_score": {
          "filter": {
            "match": {
              "z_code": "14"
            },
            "match": {
              "z_code": "11"
        }
          }
        }
      },
      "aggs": {
        "sumcustom": {
          "sum": {
            "field": "AmountVol"
          }
        }
      }
    }

or

{
  "query": {
    "constant_score": {
      "filter": {
        "match": {
          "PLMNid": [
            "11",
            "12",
            "13"
          ]
        }
      }
    }
  },
  "aggs": {
    "sumnat": {
      "sum": {
        "field": "AmountVol"
      }
    }
  }
}

But doesn't work these methods
In first case : it take only one of code
In second case : i have error message :[illegal_state_exception] Can't get text on a START_ARRAY

Can you show how to ?

Bargs · September 12, 2017, 3:13pm

If you only need this grouping for this one visualization, why not use the filters aggregation with a query string? You could do something like the screenshot below. Instead of extension you would query on z_code.

system · October 10, 2017, 3:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.