Using an aggregation to create histogram in Kibana?

Elastic Stack Elasticsearch
1

I have an aggregation on a packetbeat index as follows:

GET packetbeat-7.16.3-2022.02.07-000001/_search?size=0
{
  "query": {
    "term": {
      "destination.port": 9200
    }
  }, 
  "aggs": {
    "myagg1": {
      "terms": {
        "field": "source.port"
      }, 
      "aggs": {
        "myagg2": {
          "avg": {
            "field": "source.bytes"
          }
        }
      }
    }
  }
}

The response is as follows:

"buckets" : [
        {
          "key" : 49158,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 60275.916666666664
          }
        },
        {
          "key" : 49160,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 59757.5
          }
        },
        {
          "key" : 49170,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 60226.375
          }
        },
        {
          "key" : 49182,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 60236.6875
          }
        },
        {
          "key" : 49184,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 59943.125
          }
        },
        {
          "key" : 49186,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 59683.25
          }
        },
        {
          "key" : 49188,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 60236.6875
          }
        },
        {
          "key" : 49190,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 59978.875
          }
        },
        {
          "key" : 49192,
          "doc_count" : 96,
          "myagg2" : {
            "value" : 59943.125
          }
        }

I want to create a histogram using this code in Kibana. How do you do that ? I dont want to use Kibana Query Language, but directly use this aggregation code. Please help!!

2

Why do you want use the query directly?

It's easy to get such visualization by GUI. Maybe it takes only few minutes. After create visualization by GUI, you can also check the query via Inspect page.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.