
Visualizing a custom query in Kibana


I've got this custom query for Elasticsearch:

{
    "query": { "match_all": {} },
    "size": 0,
    "aggs": {
        "hour": {
            "histogram": {
                "script": "doc['startTime'].date.hourOfDay",
                "interval": 1,
                "min_doc_count": 0,
                "extended_bounds": {
                    "min": 0,
                    "max": 23
                },
                "lang": "groovy"
            }
        }
    }
}

Which, when run through Postman, gives the following result (not complete):

 "aggregations": {
    "hour": {
      "buckets": [
        {
          "key": 0,
          "doc_count": 18359
        },
        {
          "key": 1,
          "doc_count": 18361
        },
        {
          "key": 2,
          "doc_count": 18183
        },
        {
          "key": 3,
          "doc_count": 19729
        },

Thing is, now I want to visualise these buckets in Kibana. The goal is to show 24 bars each with their respective doc_count.

If I put the query into the search bar however I get the error:

Visualize: [filtered] query does not support [query].

Going into the visualize tab and adding an x-axis of aggregation type "Date histogram", field "startTime" (which is my date field), interval auto and the following JSON:

{
    "histogram": {
        "script": "doc['startTime'].date.hourOfDay",
        "interval": 1,
        "min_doc_count": 0,
        "extended_bounds": {
            "min": 0,
            "max": 23
        },
        "lang":"groovy"
    }
}

also produces an error: Visualize: Unknown key for a START_OBJECT in [2]: [histogram].

Been reading up on different solutions for the past 3 hours and haven't stumbled across any working solutions.

Some more info:

"version": {
  "number": "2.3.3",
  "build_hash": "218bdf10790eef486ff2c41a3df5cfa32dadcfde",
  "build_timestamp": "2016-05-17T15:40:04Z",
  "build_snapshot": false,
  "lucene_version": "5.5.0"
}
  • Kibana version: 4.5.0
  • Kibana build: 9889

Anyone out there that can give me a hand :)?


Solution

  • You can do this by using the 'JSON Input' option in Kibana:

    1. Create a new vertical bar visualization
    2. Under XAxis, select a 'Histogram' visualization and select any field from the list
    3. Select any Interval
    4. Click the 'Advanced' caret and input the following into the text box:

    {
      "script": "doc['startTime'].date.hourOfDay",
      "interval": 1,
      "min_doc_count": 0,
      "extended_bounds": {
        "min": 0,
        "max": 23
      },
      "lang": "groovy"
    }
    

    Another option is to create a new scripted field and use that:

    1. Go to Settings -> Click on your index pattern on the left
    2. Select the 'Scripted fields' tab (right next to the 'Fields' tab)
    3. Click 'Add Scripted Field'
    4. Name the field something like startTime_hourofday
    5. Under the script input, set: doc['startTime'].getHourOfDay()
    6. Now you can create a new visualization, as you tried to do, without any special or custom JSON Input, by simply selecting startTime_hourofday from the field list.
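
To check what the chart should show, the following added example (not part of the original question or answer) reproduces the histogram aggregation locally: the hour-of-day value per document, bucket keys rounded down to the interval, and empty buckets filled in by `min_doc_count: 0` with `extended_bounds` 0 to 23. The function name and the sample timestamps are constructed for illustration, and the hour is assumed to be taken in UTC.

```python
from collections import Counter
from datetime import datetime, timezone


def hour_of_day_histogram(timestamps, interval=1, min_doc_count=0,
                          extended_bounds=(0, 23)):
    """Local emulation of the histogram aggregation over an hour-of-day value.

    Returns a list shaped like the "buckets" array in the response above.
    """
    counts = Counter()
    for ts in timestamps:
        # Assumption: the hour is read in UTC, so offsets are normalised first.
        dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        hour = dt.astimezone(timezone.utc).hour
        # A histogram bucket key is the value rounded down to the interval.
        counts[(hour // interval) * interval] += 1

    keys = set(counts)
    # extended_bounds only adds empty buckets when min_doc_count is 0;
    # with a higher min_doc_count the empty buckets are dropped again.
    if extended_bounds is not None and min_doc_count == 0:
        low, high = extended_bounds
        keys.update(range((low // interval) * interval, high + 1, interval))

    return [{"key": k, "doc_count": counts[k]}
            for k in sorted(keys) if counts[k] >= min_doc_count]


# Constructed sample values for the startTime field (not real data).
SAMPLE_START_TIMES = [
    "2016-05-17T00:05:00Z",
    "2016-05-17T00:45:10Z",
    "2016-05-18T03:15:00Z",
    "2016-05-18T23:59:59Z",
    "2016-05-19T01:30:00+02:00",  # 23:30 UTC on the previous day
]

if __name__ == "__main__":
    # One text bar per hour, mirroring the 24 bars wanted in Kibana.
    for bucket in hour_of_day_histogram(SAMPLE_START_TIMES):
        print(f"{bucket['key']:02d} {'#' * bucket['doc_count']}")
```

With `min_doc_count=1` the same call returns only the hours that have documents, which is why the query sets it to 0 to get all 24 bars.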