我的书签
添加书签
移除书签Supported aggregations
Use the supported aggregations to build your visualizations.
Metric aggregations
Metric aggregations extract field from documents to generate data values.
The mean value.
The total number of documents that match the query, which allows you to visualize the number of documents in a bucket. Count is the default value.
The highest value.
The value that is in the 50% percentile.
The lowest value.
Returns the percentile rankings for the values in the specified numeric field. Select a numeric field from the drop-down, then specify one or more percentile rank values in the Values fields.
Divides the values in a numeric field into specified percentile bands. Select a field from the drop-down, then specify one or more ranges in the Percentiles fields.
Standard Deviation
Requires a numeric field. Uses the extended stats aggregation.
The total value.
Returns a sample of individual documents. When the Top Hit aggregation is matched to more than one document, you must choose a technique for combining the values. Techniques include average, minimum, maximum, and sum.
Unique Count
The Cardinality of the field within the bucket.
Alternatively, you can override the field values with a script using JSON input. For example:
{ "script" : "doc['grade'].value * 1.2" }
The example implements a Elasticsearch Script Value Source, which replaces the value in the metric. The options available depend on the aggregation you choose.
Parent pipeline aggregations
Parent pipeline aggregations assume the bucket aggregations are ordered and are especially useful for time series data. For each parent pipeline aggregation, you must define a bucket aggregation and metric aggregation.
You can also nest these aggregations. For example, if you want to produce a third derivative.
Executes a script that performs computations for each bucket that specifies metrics in the parent multi-bucket aggregation.
Calculates the cumulative sum of a specified metric in a parent histogram.
Calculates the derivative of specific metrics.
Slides a window across the data and emits the average value of the window.
Values in a time series are subtracted from itself at different time lags or periods.
Sibling pipeline aggregations
Sibling pipeline aggregations condense many buckets into one. For each sibling pipeline aggregation, you must define a bucket aggregations and metric aggregation.
Calculates the mean, or average, value of a specified metric in a sibling aggregation.
Calculates the maximum value of a specified metric in a sibling aggregation.
Calculates the minimum value of a specified metric in a sibling aggregation.
Calculates the sum of the values of a specified metric in a sibling aggregation.
Bucket aggregations
Bucket aggregations sort documents into buckets, depending on the contents of the document.
Splits a date field into buckets by interval. If the date field is the primary time field for the index pattern, it chooses an automatic interval for you. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch. For example, the tooltip for a monthly interval displays the first day of the month.
Reports values that are within a range of dates that you specify. You can specify the ranges for the dates using date math expressions.
Each filter creates a bucket of documents. You can specify a filter as a KQL or Lucene query string.
Displays points based on a geohash. Supported by data table visualizations and Maps.
Groups points based on web map tiling. Supported by data table visualizations and Maps.
Builds from a numeric field.
Specify ranges of IPv4 addresses.
Specify ranges of values for a numeric field.
Returns interesting or unusual occurrences of terms in a set. Supports Elasticsearch exclude and include patterns.
Specify the top or bottom n elements of a given field to display, ordered by count or a custom metric. Supports Elasticsearch exclude and include patterns.
Kibana filters string fields with only regular expression patterns, and does not filter numeric fields or match with arrays.
For example:
- You want to exclude the metricbeat process from your visualization of top processes:
metricbeat.* - You only want to show processes collecting beats:
.*beat - You want to exclude two specific values, the string
"empty"and"none":empty|none
Patterns are case sensitive.
