I have data as follows in ElasticSearch:
timestamp item_id item_status
January 24th 2018, 12:06:34.287 1 Processing
January 24th 2018, 12:10:14.310 1 Completed
January 25th 2018, 07:21:30.876 2 Cancelled
January 26th 2018, 09:11:55.775 3 Completed
I want to query this data such that I can get all items that have had both Processing and Completed as their status. In my case, my query result would just be:
item_id
1
timestamp is a timestamp field and item_id & item_status are string fields.
How can I do this with Kibana Visualization? I have been doing something similar to https://discuss.elastic.co/t/how-can-i-make-visualization-with-group-by/43569/2 and Run a simple sql group by query in kibana 4 but it did not really get me what I wanted.
Thanks in advance!
In a Kibana visualization, if you add a query string or a filter, and save the visualization, then the visualization will apply these on top of any other filters that you would use when using a dashboard.
If you plan to apply these filters to multiple visualizations, then you can first make a saved search in the Discover mode, and when making the visualization, create from the saved search (Visualize > New > From a saved search.
Related
I have a list of sellers, where everyone paying service charge. I want to show the service charge grouped by year in descending order. The group's year should be in descending order. Like, I inputed data for 2023, 2020, 2021. The group data should show 2023 first then 2021, then 2020. First I tried with
$infos = Commision::all()->groupBy('country');
If I use order first it shows error. I have a previous question here. The I tried with
$infos = DB::table('service_charges')->groupBy('year')->orderBy('year','DESC')->get();
dd($infos);
But its show's only one data of each group. I have 3 data saved here . 2 is from 2021, 1 is from 2020. But the query showing me only one data from each group here.
the GROUP BY SQL statement is used to aggregate data that have the same value for a given column. That means you can only get a single aggregated result of the data for each distinct value in that column (i.e. one value per year in your case).
The collection groupBy is used to group all data in their own collection if they have the same value. However the difference is that groupBy in the collection runs after the query so you can no longer orderBy at that point. Here are two ways you might be able to solve your issue:
Order in the query then group the resulting collection
$infos = DB::table('service_charges')->orderBy('year','DESC')->get()->groupBy('year');
Sort and order the resulting collection
$infos = Commision::all()->groupBy('country')->sortKeysDesc();
I’m working with ELK version 6.2.3.
I was able to create several visualizations for my data, but I would like for some of them to have a “complex” filter. My index contains an id field and a date field along with other data on which I’m aggregating (I’m not aggregating on the id nor the date).
I would like the visualization to display the latest date per id.
I may get data from id ‘x’ today, but for id ‘y’ I only received data two days ago.
For instance, I’ve created a pie chart which aggregates on a field named ‘type’, but I would like to display the data within this chart for the latest data per id.
The document looks like this:
Document 1:
{
“id”: “x”,
“date”: “June 10th 2019, 10:00:29.000”,
“type”: “TypeA”
}
Document 2:
{
“id”: “y”,
“date”: “June 8th 2019, 10:00:29.000”,
“type”: “TypeA”
}
For each id I would like to get the latest date, not just the past 24 hours or so.
Is this possible?
Thanks
I have 2 indices in kibana 4:
1st index is basing time from events (Date Created)
2nd Index is basing time from events (Date Closed)
Both are date values and I want to create a query which will return the total amount of docs Date Created (Today) - total amount of docs Date Closed (Today)
If this is not possible is it possible if i have both fields in one index?
Yes you need to have both the date values within the same index so that you can do the subtraction using a scripted field in Kibana. You could simply have your script as such:
doc.['date_created'].value - doc.['date_closed'].value
----------------^----------------------------------------^ Make sure to give your exact field names
And then you could use this scripted field as a Date Historgram to show the total count of the docs within the retrieved date range.
Hope this helps!
Using Kibana 4.4.1, I seem to be only able to create data table sub-bucket aggregations visualized as rows:
Is there a way to display the aggregation as columns instead?
Invitation time CampaignType:Sms CampaignType:Email
Feb 19th 2016 15:45:00.000 3,185 8
Feb 23rd 2016 17:15:00.000 2,229 11
Feb 24th 2016 15:45:00.000 16,523 38
There are ways to do it.
You may need to filter the columns based on sms and email before doing the visualization , then you may get the appropriate result.
Or with the result that you have , you can export it as Raw or formatted and then allign them according to your needs in Excel.
I'm writing a report that has proposal information by estimator per month. So I created a matrix where each row is grouped by estimator and each column is grouped by the month.
The thing is, my query includes data for this year AND last year, but the columns by month should only contain this year's information. So I though simple, I'll create a filter: Year(variable_date) = Year(Today()).
When I do this, no record information shows up. But then I changed the column to group by month AND year and suddenly, it works. Only 2015 records show up in the calculations per month.
Why did I need to group it by month AND year? Why couldn't I just group by month and have the filter remove records that didn't have the correct year using the filter group property tab?
Thanks!
P.S. I hope I have the tags right...
It sounds like month and year are separate fields. So when you group only by month it is grouping all of the rows where the value for that field is the same. (Month=8 exists in 2014 and 2015.) The values are just numbers to SSRS and it doesn't know it needs to look at the year field too unless you tell it to.