I'm a newbie to kibana.
I have following data stored in ES:
{
"_index": "test",
"_type": "impressions",
"_id": "AVZ4QLgkLqvQLIzbvF4e",
"_version": 1,
"_score": 1,
"_source": {
"campaign_id": "1011",
"count": 691,
"played_dt": "2016-01-02"
}
}
So, basically I have counts per campaign_id which is already aggregated data.
I want a simple bar chart which plots counts per campaign_id where X axis is campaign_id and Y axis is it's count.
I'm getting hits for that specific campaign_id as unique count rather than the actual value in count field.
Thanks in advance!
Go to "Visualize" tab, select "Vertical bar chart":
Choose new search and select appropriate index. Now you probably want to visualize your data in time. So, on X axis use "Date histogram" and select your time filed (played_dt).
Now you can use e.g. "Split bars", use splitting by terms and select campaign_id field.
Related
I have an index which contains information about some objects. I want to display some of the information on my Kibana's dasboard. Lets assume an object looks as follows:
{
"_index": "obj",
"_type": "_doc",
"_id": "KwDPAHABfo5V345r4IYV",
"_version": 1,
"_score": 0,
"_source": {
"value_1": "some value",
"value_2": "some_other value",
"owner": "jason",
"modified_date": "2020-02-01T12:53:08.210317+00:00",
"created_date": "2020-02-01T12:53:08.243980+00:00"
}
}
I need to show (live) number of objects that has owner: 'UNKNOWN'. Thing is, that this value changes in time. Each change is a new document - they are not being updated. I need to track how many UNKNOWN owners currently I see. Updates (new documents) are being sent to elk in fixed intervals.
When I try to set up a metric, it sometimes shows 0, during the window between one update and another - when there is no documents flowing into elk. How can I make Kibana display only last documents with owner: 'UNKNOWN'?
How can I make Kibana display only last documents with owner: 'UNKNOWN'?
You could set up a data table visualization for that as an alternative to the one-dimensional metric visualization.
This is how I personally would configure the data table:
Set a filter with 'owner(.keyword) is UNKNOWN'.
Use the metric 'Top Hit' on the field created_date (or #timestamp, thats up to you) instead of the count metric.
Set the order to descending based on the timestamp field.
Split the rows (Term Aggregations) for every field you want to display in the rows. This will create 'columns' in your table.
Go to the options tab and enable count on the sum of all rows.
Set an appropriate time interval, e.g. last 1 hour.
This will display all the relevant data of your documents that have the field owner equal to UNKNOWN. Also, you see the ingestion/creation date timestamp of these documents in a descending order. Furthermore, you see the number of documents that match (configured via the options tab as described above).
I hope I could help you.
In ElasticSearch I have some sample data, against which I would like to visualize the line charts in Kibana 4. Samples in ElasticSearch look like this:
"_id": "AVhNy_dxcW7axK5BvIEO",
"timeStamp": "2016-11-11T05:39:10.5844951Z",
"analyticSource": [
{
"analyticId": "A",
"analyticUnit": "sec",
"analyticValue": 0.22743704915046692
},
{
"analyticId": "B",
"analyticUnit": "sec",
"analyticValue": 0.14946113526821136
}]
and another sample:
"_id": "AVhNxnjscW7axK5Bu-Tl",
"timeStamp": "2016-11-11T05:40:10.5954951Z",
"analyticSource": [
{
"analyticId": "A",
"analyticUnit": "sec",
"analyticValue": 0.20143736898899078
},
{
"analyticId": "B",
"analyticUnit": "sec",
"analyticValue": 0.09747125953435898
}]
For now Kibana just plot plot according to the column Id and in this case a single line chart is plotted for analyticValue. What I really want is to plot 2 line chart in Kibana for A and B against timestamp. Is there some kind of script(query) or something where I can say to kibana to seggregate the analyticValue according to analyticId?
Object to array is not suppported on Kibana 4. So I have to create the flat mapping with analyticId, analyticValue, analyticUnit as columnns. Then I aggregate over analyticId and created the line chart with Y axis as max of analyticValue and in X axis selected Date Histogram with time-stamp. I hope this helps to users who lands here.
Such as url index-0/_search?routing=24320,i search data from 24230 routing,but the result is
"_index": "index-0",
"_type": "member",
"_id": "40865630",
"_score": 1,
"_routing": "22500",
Why 22500 match the search condition?
What happens is that when specifying ?routing=24320 in your search query, you're basically selecting the single shard on which documents with the routing value of 24320 have been stored.
Now, since your query doesn't specify any other constraints, you're basically getting all documents stored on that shard, which obviously means that you also get documents whose routing value is 22500 (and probably others, too).
I have a query that is using function_score to rank the results. Here is a sample of what is returned:
{
"_index": "clone",
"_type": "authEvent",
"_id": "6431823",
"_score": 4.8,
"fields": {
"authInput.uID": "MPXWDKW2P",
"authResult.productValue": 1,
"authInput.userName": "F936F3AA-E26C-48DB-BDBC-44956B634260",
"authResult.authEventDate": "2014-02-27T09:29:30.703125-06:00",
"authResult.rulesFailed": [
"AuthCountByUser"
]
}
}
What I want to is take the results and run the equivalent of this SQL statement:
SELECT TOP 20 "authInput.userName", SUM("_score")
FROM foo
GROUP BY "authInput.userName"
ORDER BY SUM("_score") DESC
How can I do this with ES?
NOTE: I'm using ES 0.9x, we will be moving to 1.0.0 soon but we have not yet.
Use a facet query to get the total of the amount returned in the query where the facet contains the field where you need the count
I use logstash to store log files containing the speed of vehicles over time.
In Kibana 3, how can I generate a panel which displays a value over time, i.e. the x axis displays the time and the y axis the related value, e.g. vehicle speed.
Most panels I found count the occurrence of events in a given time span and display it on the y axis. My goal however is to directly print a value from the json log entry (wheelSpeed_m_s), which looks as follows:
{
"_index": "logstash-2013.05.07",
"_type": "vehicle_odometry",
"_id": "Q3b58Pi7RUKuPon0s_ihlA",
"_score": null,
"_source": {
"message": " ",
"wheelSpeed_m_s": 0.91,
"#timestamp": "2013-05-07T17:50:04.099+02:00",
"angularVelocity_rad_s": 0,
"type": "vehicle_odometry",
"#version": "1",
"ts_ms": 1367934604099
},
}
Any help is highly appreciated.
In the histogram panel, click the "Configure" (gear) icon, then select the "Panel" tab.
On that tab, you can select the "Chart value". This defaults to count, but can be any of the basic math set functions (mean, max, min, total). Select the function, and you'll be asked to enter the field to which the function should be applied:
OP: please don't accept this answer (rutter deserves the points for getting you straight). I leave the info here to complete the question so it's not marked as 'unanswered'.