lmb*_*loo 5 elasticsearch vega kibana
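I am using Kibana 7.1.
I have successfully created a Vega line chart. I can get it to show a month of data, but I want the user to be able to use the time filter in the dashboard and have the Vega visualization change with it.
From https://www.elastic.co/blog/getting-started-with-vega-visualizations-in-kibana and the Vega documentation I read that inserting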
  "%context%": true,
  "%timefield%": "@timestamp"
inside url would solve this, but when I do that it gives me
url.%context% and url.%timefield% must not be used when url.body.query is set
My full Elasticsearch code looks like this:
{
  "data": {
    "url": {
      "%context%":"true",
      "index": "access_log",
      "body": {
        "query": {
          "bool": {
            "must": [
              {"term": {"request_1": "rent"}},
              {"term": {"status": 200}}
            ]
          }
        },
        "aggs": {
          "histo": {
            "date_histogram": {
              "field": "date",
              "interval": "day"
            },
            "aggs": {
              "start_agg": {
                "filter": {
                  "term": {"request_2": "start"}
                }
              },
              "check_agg": {
                "filter": {
                  "term": {"request_2": "check"}
                }
              },
              "start_check": {
                "bucket_script": {
                  "buckets_path": {
                    "start_count": "start_agg._count",
                    "check_count": "check_agg._count"
                  },
                  "script": "params.start_count / params.check_count"
                }
              }
            }
          }
        }
      }
    },
    "format": {
      "property": "aggregations.histo.buckets"
    }
  },
  "mark": {
    "type":"line"
  },
  "encoding": {
    "x": {
      "field": "key",
      "type": "temporal",
      "axis": {"title": false}
    },
    "y": {
      "field": "start_check.value",
      "type": "quantitative",
      "axis": {"title": "Document count"}
    },
    "tooltip":[
      {"field":"start_check.value", 
       "type" : "quantitative"},
      {"field":"key",
       "type" :"temporal"}
    ]
  }
}
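Quoting Elastic's Vega reference for Kibana:
When using "%context%": true or defining a value for "%timefield%", the body cannot contain a query. To customize the query within the VEGA specification (e.g. add an additional filter, or shift the timefilter), define your query and use the placeholders as in the example above. The placeholders will be replaced by the actual context of the dashboard or visualization once parsed.
The "example above" they refer to is the following: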
{
  body: {
    query: {
      bool: {
        must: [
          // This string will be replaced
          // with the auto-generated "MUST" clause
          "%dashboard_context-must_clause%"
          {
            range: {
              // apply timefilter (upper right corner)
              // to the @timestamp variable
              @timestamp: {
                // "%timefilter%" will be replaced with
                // the current values of the time filter
                // (from the upper right corner)
                "%timefilter%": true
                // Only work with %timefilter%
                // Shift current timefilter by 10 units back
                shift: 10
                // week, day (default), hour, minute, second
                unit: minute
              }
            }
          }
        ]
        must_not: [
          // This string will be replaced with
          // the auto-generated "MUST-NOT" clause
          "%dashboard_context-must_not_clause%"
        ]
        filter: [
          // This string will be replaced
          // with the auto-generated "FILTER" clause
          "%dashboard_context-filter_clause%"
        ]
      }
    }
  }
}
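And, as already defined in the documentation:
"%dashboard_context-must_clause%": string replaced by an object containing filters
"%dashboard_context-filter_clause%": string replaced by an object containing filters
"%dashboard_context-must_not_clause%": string replaced by an object containing filters
So, if you want to use user-defined filters or the time filter together with a customized query, you must use these three strings instead of "%context%": true. They will be parsed by Kibana and replaced by Elasticsearch query objects: "MUST", "FILTER" and "MUST_NOT" respectively.
A simple pattern like this might be useful: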
{
  body: {
    query: {
      bool: {
        must: [
          // {
          //   A "MUST" clause of yours
          // },
          "%dashboard_context-must_clause%"
        ]
        must_not: [
          // {
          //   A "MUST_NOT" clause of yours
          // },
          "%dashboard_context-must_not_clause%"
        ]
        filter: [
          // {
          //   A "FILTER" clause of yours
          // },
          "%dashboard_context-filter_clause%"
        ]
      }
    }
  }
}
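If you don't have any clauses in some of the categories, just leave the corresponding "%dashboard_context-XXXXX_clause%" string without any other objects, like "FILTER" or "MUST_NOT" in the first example.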
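
Applying the pattern above to the "data" block from the question, as an added example that is not part of the original question or answer. It assumes "date" (the field the question already uses in its date_histogram) is the time field of the index; the mark and encoding sections stay as they were.

```hjson
{
  // Added example. Assumption: "date" is the time field of access_log.
  "data": {
    "url": {
      // No "%context%" or "%timefield%" here, because body.query is set.
      "index": "access_log",
      "body": {
        "query": {
          "bool": {
            "must": [
              "%dashboard_context-must_clause%",
              {"term": {"request_1": "rent"}},
              {"term": {"status": 200}},
              // Dashboard time picker applied to the assumed time field.
              {"range": {"date": {"%timefilter%": true}}}
            ],
            "must_not": ["%dashboard_context-must_not_clause%"],
            "filter": ["%dashboard_context-filter_clause%"]
          }
        },
        "aggs": {
          "histo": {
            "date_histogram": {"field": "date", "interval": "day"},
            "aggs": {
              "start_agg": {"filter": {"term": {"request_2": "start"}}},
              "check_agg": {"filter": {"term": {"request_2": "check"}}},
              "start_check": {
                "bucket_script": {
                  "buckets_path": {
                    "start_count": "start_agg._count",
                    "check_count": "check_agg._count"
                  },
                  "script": "params.start_count / params.check_count"
                }
              }
            }
          }
        }
      }
    },
    "format": {"property": "aggregations.histo.buckets"}
  }
}
```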