Created
August 8, 2019 14:27
-
-
Save anelson-vidscale/9a6927cdd19d1b920e3bf23a91252667 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I am now trying to help you help me by giving you the commands to create the data in elasticsearch | |
| so that we are talking about the same thing. | |
| DELETE alerts | |
| POST _bulk?refresh | |
| { "index" : { "_index" : "alerts", "_id" : "1", "_type" : "log" } } | |
| { "name" : "storage_controller_failure" } | |
| { "index" : { "_index" : "alerts", "_id" : "2", "_type" : "log" } } | |
| { "name" : "storage_controller_failure" } | |
| { "index" : { "_index" : "alerts", "_id" : "3", "_type" : "log" } } | |
| { "name" : "storage_controller_failure" } | |
| { "index" : { "_index" : "alerts", "_id" : "10", "_type" : "log" } } | |
| { "name" : "drive_corrupted" } | |
| { "index" : { "_index" : "alerts", "_id" : "11", "_type" : "log" } } | |
| { "name" : "drive_corrupted" } | |
| GET alerts*/_search | |
| { | |
| "size" : 0, | |
| "aggs": { | |
| "by_name": { | |
| "terms": { | |
| "field": "name", | |
| "size": 10 | |
| } | |
| } | |
| } | |
| } | |
| Here is the response to the GET | |
| { | |
| "took" : 2, | |
| "timed_out" : false, | |
| "_shards" : { | |
| "total" : 2, | |
| "successful" : 2, | |
| "skipped" : 0, | |
| "failed" : 0 | |
| }, | |
| "hits" : { | |
| "total" : 5, | |
| "max_score" : 0.0, | |
| "hits" : [ ] | |
| }, | |
| "aggregations" : { | |
| "by_name" : { | |
| "doc_count_error_upper_bound" : 0, | |
| "sum_other_doc_count" : 0, | |
| "buckets" : [ | |
| { | |
| "key" : "storage_controller_failure", | |
| "doc_count" : 3 | |
| }, | |
| { | |
| "key" : "drive_corrupted", | |
| "doc_count" : 2 | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| Here I try to visualize using vega/v3 | |
| this way (which I think is what flash1293 is suggesting in https://discuss.elastic.co/t/how-can-i-visualize-aggregation-buckets-using-vega-not-vega-lite/194336 | |
| { | |
| "$schema":"https://vega.github.io/schema/vega/v3.json", | |
| "data": | |
| [ { | |
| "name": "aggregations", | |
| "url": { | |
| "%context%": true, | |
| "%timefield%": "@timestamp", | |
| "index": "alerts*", | |
| "body" : { | |
| "size" : 0, | |
| "aggs": { | |
| "by_name": { | |
| "terms": { | |
| "field": "name" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } ], | |
| format: { property: "data.aggregations.buckets" }, | |
| "scales": [ | |
| { | |
| "name": "yscale", | |
| "type": "linear", | |
| "zero": true, | |
| "domain": {"data": "aggregations", "field": "doc_count"}, | |
| "range": "height" | |
| }, | |
| { | |
| "name": "xscale", | |
| "type": "band", | |
| "domain": {"data": "aggregations", "field": "key"}, | |
| "range": "width", | |
| "padding": 0.05 | |
| } | |
| ], | |
| "marks": [ { | |
| "type": "rect", | |
| "from": { "data": "aggregations" }, | |
| "encode": { | |
| "update": { | |
| "x": {"scale": "xscale", "field": "key"}, | |
| "width": {"scale": "xscale", "band": 1}, | |
| "y": {"scale": "yscale", "field": "doc_count"}, | |
| "y2": {"scale": "yscale", "value": 0} | |
| } | |
| } | |
| } ] | |
| } | |
| I get no output | |
| I feel I'm missing something obvious here. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment