Tags: elasticsearch, kibana

Combining two query results (aggregations) into one visualization


I have two queries, each of which returns a (for my case) correct aggregation.

POST /my_target_0001/_search
{
  "query": {
    "term": {
      "locked": true      
    }
  },
  "aggs": {
    "abc_per_day": {
      "date_histogram": {
        "field": "lastModified",
        "calendar_interval": "day",
        "format": "yyyy-MM-dd"
      }
    }
  }
}

and

POST /my_target_0002/_search
{
  "aggs": {
    "xyz_per_day": {
      "date_histogram": {
        "field": "lastModified",
        "calendar_interval": "day",
        "format": "yyyy-MM-dd"
      }
    }
  }
}

As you can see, the data is aggregated by day. Now I want to display a histogram which shows me the quotient of abc and xyz for each bucket of the same day. As far as I understood, I need two steps to finally visualize the data: first build a query which returns what I want, and secondly put it somewhere in the visualization. So I have two questions:

How do I combine the two queries in order to get the result described above?

How do I build a visualization from the query result?

I'm pretty new to Elasticsearch and Kibana.


Solution

  • TL;DR:

    You will have to use Kibana's Timelion visualisation.

    visualize library -> create visualization -> Aggregation based -> Timelion

    Example

    In this case I am using the same index twice, but feel free to use yours.

    I am plotting, over time, the ratio between the average number of bytes and the max number of bytes per bucket.

    .es(index= kibana_sample_data_logs,
        timefield='@timestamp',
        metric='avg:bytes')
       .divide(
           .es(index= kibana_sample_data_logs,
               timefield='@timestamp',
               metric='max:bytes'))