search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.71k stars 8.13k forks source link

kibana table to display _source data in visualization table #38897

Closed bsturg closed 1 year ago

bsturg commented 5 years ago

Describe the feature: I have top-hits search where I would like to display results in a visualization data table. The visualization currently displays the aggregation output, but it does not display the data from the _source includes within top hits aggregation.

When the search is run from dev-tools, the data looks good.

Repeatable steps to create test index, data and query using 7.0.1.

#----
# delete / create index
#----
DELETE /index1
PUT /index1
{
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 0
  },
  "mappings": {
    "properties": {
      "itemid": {
        "type": "integer"
      },
      "trans_date": {
        "type": "date",
        "format": "yyyy-MM-dd HH:mm:ss"
      },
      "status": {
        "type": "keyword"
      },
      "level": {
        "type": "float"
      },
      "alert": {
        "type": "keyword"
      }
    }
  }
}

#----
# populate index with data
#----
POST index1/_doc
{
  "itemid":1,
  "trans_date": "2019-05-17 03:14:00",
  "status": "OFF",
  "level": 50.0,
  "alert": "over"
}
POST index1/_doc
{
  "itemid":2,
  "trans_date": "2019-05-17 04:24:00",
  "status": "OFF",
  "level": 30.0,
  "alert": "fast"
}
POST index1/_doc
{
  "itemid":3,
  "trans_date": "2019-05-17 05:19:00",
  "status": "OFF",
  "level": 75.0,
  "alert": "temperature too high"
}
POST index1/_doc
{
  "itemid":1,
  "trans_date": "2019-05-17 06:43:00",
  "status": "ON",
  "level": 15.0,
  "alert": "door open"
}
POST index1/_doc
{
  "itemid":1,
  "trans_date": "2019-05-17 08:57:00",
  "status": "OFF",
  "level": 20.0,
  "alert": "engine off"
}
POST index1/_doc
{
  "itemid":2,
  "trans_date": "2019-05-17 10:38:00",
  "status": "ON",
  "level": 40.0,
  "alert": "temperature too low"
}

#----
# search - top hits
#----
GET /index1/_search
{
  "size": 0,
  "aggs": {
    "itemId_response": {
      "terms": {
        "field": "itemid"
      },
      "aggs": {
        "trans_date_response": {
          "top_hits": {
            "sort": [
              {
                "trans_date": {
                  "order": "desc"
                }
              }
            ],
            "_source": {
              "includes": [
                "trans_date",
                "status",
                "alert"
              ]
            },
            "size": 1
          }
        }
      }
    }
  }
}

Output

{
  "took" : 18,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 6,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "itemId_response" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : 1,
          "doc_count" : 3,
          "trans_date_response" : {
            "hits" : {
              "total" : {
                "value" : 3,
                "relation" : "eq"
              },
              "max_score" : null,
              "hits" : [
                {
                  "_index" : "index1",
                  "_type" : "_doc",
                  "_id" : "KnFxUWsBOe9dFK04gqOO",
                  "_score" : null,
                  "_source" : {
                    "trans_date" : "2019-05-17 08:57:00",
                    "alert" : "engine off",
                    "status" : "OFF"
                  },
                  "sort" : [
                    1558083420000
                  ]
                }
              ]
            }
          }
        },
        {
          "key" : 2,
          "doc_count" : 2,
          "trans_date_response" : {
            "hits" : {
              "total" : {
                "value" : 2,
                "relation" : "eq"
              },
              "max_score" : null,
              "hits" : [
                {
                  "_index" : "index1",
                  "_type" : "_doc",
                  "_id" : "K3FxUWsBOe9dFK04gqOx",
                  "_score" : null,
                  "_source" : {
                    "trans_date" : "2019-05-17 10:38:00",
                    "alert" : "temperature too low",
                    "status" : "ON"
                  },
                  "sort" : [
                    1558089480000
                  ]
                }
              ]
            }
          }
        },
        {
          "key" : 3,
          "doc_count" : 1,
          "trans_date_response" : {
            "hits" : {
              "total" : {
                "value" : 1,
                "relation" : "eq"
              },
              "max_score" : null,
              "hits" : [
                {
                  "_index" : "index1",
                  "_type" : "_doc",
                  "_id" : "KHFxUWsBOe9dFK04gqNK",
                  "_score" : null,
                  "_source" : {
                    "trans_date" : "2019-05-17 05:19:00",
                    "alert" : "temperature too high",
                    "status" : "OFF"
                  },
                  "sort" : [
                    1558070340000
                  ]
                }
              ]
            }
          }
        }
      ]
    }
  }
}

Describe a specific use case for the feature: Currently, all my users have access to visualizations and not dev-tools. So, I would like to present this data to my users so they can find all the data in one place.

elasticmachine commented 5 years ago

Pinging @elastic/kibana-app

immon commented 5 years ago

As an option, the entry in data table view could be clickable and bring you to the list of all top_hit entries.

stratoula commented 1 year ago

Thank you for contributing to this issue, however, we are closing this issue due to inactivity as part of a backlog grooming effort. If you believe this feature/bug should still be considered, please reopen with a comment.