聚合结果上的 Elasticsearch 存储桶
[英]Elasticsearch buckets on results of aggregation
问题描述
I am using ELK 7.x.
我正在使用 ELK 7.x。 I would like a histogram or bar chart in Kibana on the results of an aggregation.我想要 Kibana 中关于聚合结果的直方图或条形图。 As it's a bit abstract to explain, below is the equivalent SQL query.由于解释起来有点抽象,下面是等效的 SQL 查询。
select count(*) as no_of_docs, doc_type
from documents
group by doc_type
15 pdf
21 doc
17 txt
1 ppt
A histogram or any chart as below:直方图或任何图表如下:
No of docs Count of doc type
(X-Axis) (Y-Axis)
1-10 1 [1 ppt occurrence in the 1-10 bucket]
11-20 2 [1 pdf, 1 txt occurrences in the 11-20 bucket]
21 and above 1 [1 doc occurrence in the 21 and above bucket]
It may not be straightforward, but I do think it should be possible.这可能并不简单,但我确实认为它应该是可能的。
1 个解决方案
解决方案1
0 2020-03-01 12:25:10
I've come up with the below mapping and documents and accordingly created the a Vertical Bar visualizer.我想出了下面的映射和文档,并相应地创建了一个垂直条可视化工具。
Mapping:映射:
PUT my_docs
{
"mappings": {
"properties": {
"doc_type":{
"type": "keyword"
}
}
}
}
Documents:文件:
POST my_docs/_doc/1
{
"doc_type": "pdf"
}
POST my_docs/_doc/2
{
"doc_type": "pdf"
}
POST my_docs/_doc/3
{
"doc_type": "pdf"
}
POST my_docs/_doc/4
{
"doc_type": "jpeg"
}
POST my_docs/_doc/5
{
"doc_type": "jpeg"
}
POST my_docs/_doc/6
{
"doc_type": "txt"
}
POST my_docs/_doc/7
{
"doc_type": "txt"
}
Sample Query and Response:示例查询和响应:
POST /_sql?format=txt
{
"query": "select count(*) as no_of_docs, doc_type from my_docs group by doc_type"
}
no_of_docs | doc_type
---------------+---------------
2 |jpeg
3 |pdf
2 |txt
Kibana Visualizer: Kibana 可视化工具:
Step 1:第1步:
First thing is you would require to create index pattern.第一件事是您需要创建索引模式。 You can check this link as how this could be done.您可以查看此链接以了解如何完成此操作。
Basically visit Management > Kibana > Index Patterns and add the index ie my_docs基本上访问Management > Kibana > Index Patterns并添加索引,即my_docs
Step 2:第2步:
- Click on
Visualizebutton on the left side of Kibana单击 Kibana 左侧的Visualize按钮 - Once you do that, you should see
create new visualization一旦你这样做,你应该看到create new visualization - You should see various types of visualizer presented to you, scroll down and select
Vertical Barvisualizer您应该会看到呈现给您的各种类型的可视化工具,向下滚动并选择Vertical Bar可视化工具 - Now you should select the index on which this visualizer should be applied ie the index
my_docs.现在您应该选择应该应用此可视化工具的索引,即索引my_docs。 Note that if you haven't created index pattern, this index would not show up.请注意,如果您尚未创建索引模式,则该索引不会显示。 - Notice the screen, it already has by default added doc_count as Y axis, all you need to do is configure X-axis注意屏幕,它已经默认添加了 doc_count 作为 Y 轴,您需要做的就是配置 X 轴
- Under the
Bucketssection click on Add and select X-axis在Buckets部分下,单击 Add 并选择 X-axis - Notice you should see X-axis get selected and that
Aggregationfield shows up.请注意,您应该会看到 X 轴被选中并且Aggregation字段出现。 - Select
Termsand when you do that selectdoc_typein theFieldsection.选择Terms,doc_type在Field部分选择doc_type。 - Now click on Blue run button(it should show
Apply Changeswhen you move your cursor on it) next toPanel Settingson the top of this section where you configure the fields.现在单击此部分顶部的Panel Settings旁边的蓝色运行按钮(当您将光标移到它上面时,它应该显示Apply Changes),您可以在其中配置字段。
Below is how the image appears for X-axis part:以下是 X 轴部分的图像显示方式:
Notice that your visualizer is ready.请注意,您的可视化工具已准备就绪。 Below is how it appears in my machine for the above sample data:以下是它在我的机器中显示的上述示例数据的方式:
Let me know if this helps!让我知道这是否有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.