The following GET request to Elasticsearch works correctly:
    GET traffic_original/_search
    {
      "size": 2,
      "_source": ["swPort", "size", "srcIP", "dstIP"]
    }
Response:
    {
      "took" : 9,
      "timed_out" : false,
      "_shards" : {
        "total" : 1,
        "successful" : 1,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : {
          "value" : 10000,
          "relation" : "gte"
        },
        "max_score" : 1.0,
        "hits" : [
          {
            "_index" : "traffic_original",
            "_type" : "record",
            "_id" : "6Iq0BW0BCid0EqM8JVNC",
            "_score" : 1.0,
            "_source" : {
              "srcIP" : "10.11.0.133",
              "size" : 68,
              "swPort" : 43,
              "dstIP" : "10.5.6.126"
            }
          },
          {
            "_index" : "traffic_original",
            "_type" : "record",
            "_id" : "6Yq0BW0BCid0EqM8JVNC",
            "_score" : 1.0,
            "_source" : {
              "srcIP" : "10.11.0.133",
              "size" : 70,
              "swPort" : 43,
              "dstIP" : "10.5.6.126"
            }
          }
        ]
      }
    }
But despite that, I haven't been able to make a simple Vega chart to test its functionality. Here's one of the many code variations I've tried:
    {
      $schema: https://vega.github.io/schema/vega-lite/v2.json
      mark: rect
      data: {
        url: {
          %context%: true
          index: traffic_original,
          body: {
            size: 100
            _source: ["swPort", "size"]
          }
        }
        format: {property: "hits.hits"}
      }
      encoding: {
        x: {
          field: swPort
          type: quantitative
          axis: {title: "X Axis"}
        }
        y: {
          field: size
          type: quantitative
          axis: {title: "Size"}
        }
      }
    }
I don't really mind what to plot, I just wanna see a working example from where to iterate.
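
A spec of the same shape that matches the response shown above, as an added example that is not part of the original post: each element of `hits.hits` carries its fields under `_source`, so the encodings use `_source.swPort` and `_source.size`, and the index name has no trailing comma because an unquoted HJSON string runs to the end of the line. The `point` mark and the "Switch port" axis title are choices made for this example.

```hjson
{
  $schema: https://vega.github.io/schema/vega-lite/v2.json

  data: {
    url: {
      // Apply the dashboard's query bar and filters to this request.
      %context%: true

      // No trailing comma here: in HJSON an unquoted value runs to the
      // end of the line, so a comma would become part of the index name.
      index: traffic_original

      body: {
        size: 100
        _source: ["swPort", "size"]
      }
    }

    // Use the array of hits as the data rows. Each row still has the
    // full hit layout (_index, _id, _score, _source), as in the
    // response shown in the question.
    format: {property: "hits.hits"}
  }

  // Scatter plot of the two numeric fields (example choice).
  mark: point

  encoding: {
    x: {
      // The document fields sit one level down, under _source.
      field: _source.swPort
      type: quantitative
      axis: {title: "Switch port"}
    }
    y: {
      field: _source.size
      type: quantitative
      axis: {title: "Size"}
    }
  }
}
```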