Hi,
I'm very new to the Vega visualization option within Kibana and I was wondering if someone could help me out. I'm working on an indicator with trends to visualize the difference between the number of logs in the last hour and the number of logs in the hour before that.
My question actually is whether it is possible to use 2 queries with time ranges in Vega; so far I have not found any good solution to my question. If any of you know an answer to this problem I would greatly appreciate your help; it can be 2 queries in Vega or a correction to my request to get what I want.
My Elasticsearch query:
GET /_search
{
  "aggs": {
    "time_buckets": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "1h"
      }
    }
  },
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-2h/h",
        "lte": "now/h"
      }
    }
  },
  "size": 0
}
This returns:
{
  "took" : 22,
  "timed_out" : false,
  "_shards" : {
    "total" : 49,
    "successful" : 49,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 368,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "time_buckets" : {
      "buckets" : [
        {
          "key_as_string" : "2021-04-29T06:00:00.000Z",
          "key" : 1619676000000,
          "doc_count" : 152
        },
        {
          "key_as_string" : "2021-04-29T07:00:00.000Z",
          "key" : 1619679600000,
          "doc_count" : 158
        },
        {
          "key_as_string" : "2021-04-29T08:00:00.000Z",
          "key" : 1619683200000,
          "doc_count" : 58
        }
      ]
    }
  }
}
But this gives me 3 groups of data, while my visualization only needs 2, and if I took the sum of those, it would not be a valid visualization of the data.
Kind regards
Yorick
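As an added example (not part of the post above), the following Python shows two ways to get exactly the two complete hours the indicator needs: a variant of the posted query with `lt` instead of `lte` on the upper bound (Elasticsearch rounds an `lte` bound with `/h` up to the last millisecond of that hour, so `lte: now/h` pulls in the current, still-filling hour as the third bucket), and a post-processing step that drops the partial current-hour bucket from a response like the one quoted and computes the hour-over-hour change. The sample response is copied from the post; the function names and the assumed wall-clock time of 08:15 UTC are my own.

```python
from datetime import datetime, timezone

HOUR_MS = 3_600_000

# Sample data: the three buckets from the response quoted in the post.
SAMPLE_RESPONSE = {
    "aggregations": {"time_buckets": {"buckets": [
        {"key_as_string": "2021-04-29T06:00:00.000Z", "key": 1619676000000, "doc_count": 152},
        {"key_as_string": "2021-04-29T07:00:00.000Z", "key": 1619679600000, "doc_count": 158},
        {"key_as_string": "2021-04-29T08:00:00.000Z", "key": 1619683200000, "doc_count": 58},
    ]}}
}


def two_complete_hours_query():
    """Same aggregation as the post, but with 'lt' on the upper bound.

    'lte: now/h' is rounded up to the end of the current hour, which adds the
    partial third bucket; 'lt: now/h' ends just before the current hour starts,
    so only the two complete hours are counted.
    """
    return {
        "size": 0,
        "query": {"range": {"@timestamp": {"gte": "now-2h/h", "lt": "now/h"}}},
        "aggs": {"time_buckets": {"date_histogram": {"field": "@timestamp", "interval": "1h"}}},
    }


def last_two_complete_hours(response, now_ms):
    """Return (hour_before_count, last_hour_count), ignoring the current partial hour.

    Any bucket whose key is at or after the start of the current hour is still
    being written to and must not be compared against a full hour.
    """
    current_hour_start = now_ms - now_ms % HOUR_MS
    complete = [b for b in response["aggregations"]["time_buckets"]["buckets"]
                if b["key"] < current_hour_start]
    if len(complete) < 2:
        raise ValueError("need two complete hourly buckets, got %d" % len(complete))
    return complete[-2]["doc_count"], complete[-1]["doc_count"]


def hourly_trend(hour_before, last_hour):
    """Absolute and percentage change; percentage is None when the earlier hour had no logs."""
    delta = last_hour - hour_before
    pct = None if hour_before == 0 else round(delta / hour_before * 100, 1)
    return delta, pct


if __name__ == "__main__":
    # Assumed wall clock: 08:15 UTC on the sample day, so the 08:00 bucket is still partial.
    now_ms = int(datetime(2021, 4, 29, 8, 15, tzinfo=timezone.utc).timestamp() * 1000)
    before, last = last_two_complete_hours(SAMPLE_RESPONSE, now_ms)
    print(before, last, hourly_trend(before, last))  # 152 158 (6, 3.9)
```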