没有看到非计数Y轴聚合的任何字段 [英] Not seeing any Fields for a non-Count Y-Axis aggregation

问题描述

我正在尝试从http日志中得出平均响应时间.当我转到可视化"并尝试使用条形图或折线图时，每次选择除Count(即平均值"，总和"，最大值"等)之外的其他聚合类型时，字段"下拉列表中都不会得到任何值.我相信X轴应该/可以只是一个日期直方图.

I'm trying to graph out average response time from http logs. When I go to Visualize and try either a bar or line graph, any time that select a different Aggregation type besides Count(ie Average, Sum, Max, etc), I never get any values in the Field drop down. I believe that the X-Axis should/could just be a Date Histogram.

我的查询看起来像这样:"host:'hostname'AND file:'access.log'"，它生成大量结果作为Count，但是同样，似乎无法弄清楚如何绘制出该结果随时间变化的其他趋势(计数之外).我可以确认我的所有字段都已被编入索引.

My query looks like this: "host:'hostname' AND file:'access.log'", which generates a ton of results as a Count, but again, can't seem to figure out how to graph out that other trend over time(outside of a count). I can confirm all my fields are being indexed.

谢谢.

推荐答案

在这种情况下，问题归结为映射，以及如何将字段全部解释为字符串，这使得无法执行其他任何与数字相关的操作集合体.我发现此问题的唯一方法是通过Rashid(Kibana的首席开发人员)发的推文来自Rashid的发给我的推文.

The issue in this case came down to mappings, and how the fields were all being interpreted as strings, which makes it impossible to do any of the other number related Aggregations. The only way I found this out is via a tweet from Rashid(the lead dev of Kibana) tweet from Rashid to me.

基本上，如grok文档中所述，我需要定义映射类型:

Essentially, as documented in the grok docs, I needed to define the mapping type:

%{NUMBER:request_time}

蜜饯:

%{NUMBER:request_time:float}

重新索引和重新映射之后，现在我的字段正在映射到正确的类型，现在我可以进行基于数字的聚合了.

After re-indexing and re-mapping, now my fields are mapping to the right type, and now I can do number based aggregations.

这篇关于没有看到非计数Y轴聚合的任何字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！