Build a Kibana Histogram with buckets dynamically created by ElasticSearch terms aggregation


Problem description


I want to be able to combine the functionality of the Kibana Terms Graph (be able to create buckets based on uniqueness of values from a particular attribute) and Histogram Graph (separate data into buckets based on queries and then illustrate the date based on time).


Overall, I want to create a Histogram, but I only want to create the Histogram based on the results of one query, not multiple queries like it's being done in the Kibana demo app. Instead, I want each bucket to be dynamically created per unique value of my particular field. For example, consider the following data returned by my query:

{"myValueType": "New York"}
{"myValueType": "New York"}
{"myValueType": "New York"}
{"myValueType": "San Francisco"}
{"myValueType": "San Francisco"}


Also assume that each record has a timestamp field for separating histogram data by date. For that particular date, I want the data to be communicated as a count of 3 into the New York bucket and a count of 2 into the San Francisco bucket. However, I am only able to show a count of 5 for my one linked query. When I configure the Histogram, I am able to specify a field to use for my timestamp, but not to create buckets from. I could've sent a field to compute a total/min/max/mean, but this field would've had to be numeric, so that is not the solution either.


If I were to use a Term Graph to create a pie or bar graph, I am indeed able to separate my data into buckets based on the unique values of my specified field (in this case, "myValueType"), but this would total up the data for all-time, not split up the data by timestamp. Although this is good information to know, it is not ideal because I wouldn't be able to detect trends in my data.


I am looking for a solution that will do one of the following:


  • Let me dynamically create queries in my Kibana dashboard to create "buckets" in a Histogram
  • Allow me to run an ElasticSearch Terms Aggregation to supposedly split up my data into buckets based on "myValueType" and integrate these results into my Histogram
  • Customize the JSON of my dashboard, but this doesn't look possible to me
  • Create my own custom panel, but this is not desirable
  • Link a Kibana "TopN" query in Kibana. Actually, this has proven to be a work-around for my problem because the TopN query dynamically created one query per unique value/term from the specified fieldName. However, the problem is that I can only link one colour to this TopN query and each unique term will be placed in a bucket that uses a different shade of the colour. Ideally, every bucket in my Histogram will have a completely different colour associated to it. Imagine how difficult it will be to distinguish unique terms as the number of buckets grows.
  • If all else fails, I make one query per unique value from my search field. This will allow me to have one unique colour per bucket, but as the number of unique terms in the "myValueType" field changes, I need to keep adding/removing queries from Kibana, which can get quite messy.


I'm sure there is something that I am missing here. Please help me out. Many thanks.


A highly related SOF question: Is it Possible to Use Histogram Facet or Its Curl Response in Kibana

Recommended answer


This would be a great feature. It looks like it will be supported in Kibana4, but there doesn't seem to be much more info out there than that.

For reference: https://github.com/elasticsearch/kibana/issues/1249
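
As an added example (not part of the original question or answer): the nested aggregation the question asks about, a `date_histogram` with a `terms` sub-aggregation, together with a local computation of the buckets it yields for the question's sample data. The `timestamp` values, the sixth record, and the aggregation names `per_day` and `by_value` are assumptions, and the simulated output is a simplified mirror of the response shape.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: the question's five documents with an assumed
# "timestamp" field, plus one extra record on the following day.
RECORDS = [
    {"myValueType": "New York", "timestamp": "2014-05-13T09:00:00Z"},
    {"myValueType": "New York", "timestamp": "2014-05-13T10:30:00Z"},
    {"myValueType": "New York", "timestamp": "2014-05-13T17:45:00Z"},
    {"myValueType": "San Francisco", "timestamp": "2014-05-13T11:15:00Z"},
    {"myValueType": "San Francisco", "timestamp": "2014-05-13T23:59:59Z"},
    {"myValueType": "New York", "timestamp": "2014-05-14T08:00:00Z"},
]

def build_request(ts_field="timestamp", term_field="myValueType", size=10):
    """Search body: one bucket per day, each split by unique term value."""
    return {
        "size": 0,  # only the aggregation buckets are needed, not the hits
        "aggs": {
            "per_day": {
                # Elasticsearch releases before 7.2 spell this key "interval".
                "date_histogram": {"field": ts_field, "calendar_interval": "day"},
                # The term field must be indexed unanalyzed (a keyword field),
                # or "New York" is split into separate tokens.
                "aggs": {"by_value": {"terms": {"field": term_field, "size": size}}},
            }
        },
    }

def simulate(records, ts_field="timestamp", term_field="myValueType"):
    """Compute locally the per-day, per-term counts for `records`."""
    days = defaultdict(Counter)
    for rec in records:
        day = datetime.strptime(rec[ts_field], "%Y-%m-%dT%H:%M:%SZ").date().isoformat()
        days[day][rec[term_field]] += 1
    return [
        {
            "key_as_string": day,
            "doc_count": sum(counts.values()),
            "by_value": {"buckets": [{"key": k, "doc_count": n}
                                     for k, n in counts.most_common()]},
        }
        for day, counts in sorted(days.items())
    ]

if __name__ == "__main__":
    print(json.dumps(build_request(), indent=2))
    print(json.dumps(simulate(RECORDS), indent=2))
```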
