Vega does not show anything from elasticsearch query

michaelcheung · May 21, 2018, 6:05am

My visualize query:

{
  $schema: https://vega.github.io/schema/vega-lite/v2.json
  title: Event counts from all indexes
  data: {
    url: {
      index: index-*
      body: {
        query: {
          bool: {
            must: [
              {
                range: {
                  @timestamp: {gt: "now-15m"}
                }
              }
              {
                match: {logStatus: "success"}
              }
            ]
          }
        }
        size: 20
      }
    }
    format: {property: "hits.hits"}
  }
  mark: circle
  encoding: {
    x: {
      field: _source.@timestamp
      type: temporal
      axis: {title: "time"}
    }
    y: {
      field: _source.logEvent
      type: nominal
      axis: {title: "event"}
    }
  }
}

I checked browser network and there is _search request with correct data in response. I just see the chart showing title and legends, but there is no data. What is wrong in the above visualize query object?

michaelcheung · May 21, 2018, 7:03am

Found the problem. The @timestamp field needs to be transformed after search.
I put these lines after data.

  transform: [
    {calculate: "toDate(datum._source['@timestamp'])", as: "time"}
  ]

Then change x-axis field to time.

Brandon_Kobel · May 21, 2018, 1:45pm

Hey @michaelcheung, I'm glad to hear that you were able to figure out the solution to your problem, thanks for sharing it here for others to find!

system · June 18, 2018, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.