Scripted_metric in Kibana visualization

elk_user1 · February 22, 2017, 9:52am

Hi All,

I wanted to know if there is any support for using scripted_metric aggregations in Kibana ? I wrote an elasticsearch query which uses scripted_metric, but I want to use it in visualizations. I am using Kibana/ElasticSearch versions 5.1.1.. You help will be really grateful.

Thanks,
Deepti

lukas · February 22, 2017, 8:35pm

Could you provide the script you're using so we can see if there is a good way to accomplish it in Kibana?

elk_user1 · February 23, 2017, 4:33am

Hello,

Thanks for replying. I am trying to find out the time spent on a test based on started and ended object.id (assuming for any student for a particular test, there are only two events : start and end)
Below is the scripted metric aggregation query.

GET test-data/_search
{
"from" : 0,
"size" : 0,
"aggregations" : {
"user-id" : {
"terms" : {
"field" : "user-id",
"size" : 200,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
},
"aggregations" : {
"assessment_id" : {
"terms" : {
"field" : "testid",
"size" : 10,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
},
"aggregations" : {
"timeontask": {
"scripted_metric": {
"init_script" : "params._agg.events = ",
"map_script" : "def sf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); def t = sf.parse(sf.format(doc['timestamp'].value)).getTime(); params._agg.events.add(doc['object.id'].contains('started') ? -1 * t : t) ",
"combine_script" : "double totTime=0 ; for (t in params._agg.events) { totTime += t } return totTime",
"reduce_script" : "double totTime=0 ; for (a in params._aggs) { totTime += a } return totTime/60000 "
}
}
}
}
}
}
},
"ext" : { }
}

lukas · February 23, 2017, 10:42pm

Unfortunately there isn't any way to accomplish this in Kibana. There's an open issue you can add your feedback to and follow for notifications here: https://github.com/elastic/kibana/issues/7879

elk_user1 · February 27, 2017, 7:39am

Hi,

Is there a way to post these aggregated results to a new index in elasticsearch?
Probably I can create some visuals using new index fields. Just a thought.

Thanks,
Deepti Antony

lukas · February 27, 2017, 4:10pm

Hmm, I don't know of anything to allow you to do that. There is a reindex API that allows using scripts, but from my understanding, the scripts execute on the document level, not on aggregations.

That being said, there's nothing preventing you from taking the results of the aggregation and manually indexing them into a new index.

system · March 27, 2017, 4:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.