I am working on ELK stack to process Apache access logs. Spent a lot of time understanding Query DSL format so that more complex queries can be written. Currently am facing issues with running the queries in kibana interface but the same queries work just fine when posted using curl from command line.
Kibana version: 4.1.0
Elasticsearch version: 1.6.0
Java: 1.8.0_45
Using curl(working):
curl -XGET http://localhost:9200/cars/transactions/_search?search_type=count -d '{
"aggs" : {
"colors" : {
"terms" : {
"field" : "color"
}
}
}
}
Used data from here.
Using kibana(not working):
{ "aggs" : { "colors" : { "terms" : { "field" : "color" } } } }
Error:
org.elasticsearch.index.query.QueryPassingException:[.kibana] No query registered for [aggs]
Below are some of the queries I managed to run successfully in kibana using Query DSL on apache access log data:
{"filtered":{"filter":{"bool":{"must":{"terms":{"verb":["get"]}}}}}}{"filtered":{"filter":{"bool":{"must_not":{"terms":{"agent":["crawler","spider","nagios"]}}}}}}
I have already searched google about it for hours but without luck.
I am not sure you can do this as the Discovery section already uses the timestamp aggregation.
Can you explain what are you trying to do? There are ways to add customer aggregations in the visualizations. If you open up the advanced section on the aggregation in the visualization you can see the ability to enter json that include additional aggregations or other parameters.
If you give me an example of what you are trying to do I can try and help - the example you gave can be easily done with the Kibana UI.