raulsperoni
commented
4 years ago Could you provide the query inspector result? I don't see anything wrong there except maybe that you should order by doc count. But that is not what's causing the error.
Closed fadjar340 closed 4 years ago
raulsperoni
commented
4 years ago Could you provide the query inspector result? I don't see anything wrong there except maybe that you should order by doc count. But that is not what's causing the error.
fadjar340
commented
4 years ago Below the result of query inspector, I just remove a lots of lines, because the result more than 200k lines...
{
"request": {
"url": "api/datasources/proxy/37/_msearch?max_concurrent_shard_requests=5",
"method": "POST",
"data": "{\"search_type\":\"query_then_fetch\",\"ignore_unavailable\":true,\"index\":\"winlogbeat-*\"}\n{\"size\":0,\"query\":{\"bool\":{\"filter\":[{\"range\":{\"@timestamp\":{\"gte\":1594967774313,\"lte\":1594989374313,\"format\":\"epoch_millis\"}}},{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.module:security AND host.hostname: (\\\"GFHSVRINETAPP\\\" OR \\\"GFHSVRINETDB\\\")\"}}]}},\"aggs\":{\"3\":{\"terms\":{\"field\":\"user.name\",\"size\":500,\"order\":{\"_key\":\"desc\"},\"min_doc_count\":1},\"aggs\":{\"2\":{\"date_histogram\":{\"interval\":\"20s\",\"field\":\"@timestamp\",\"min_doc_count\":0,\"extended_bounds\":{\"min\":1594967774313,\"max\":1594989374313},\"format\":\"epoch_millis\"},\"aggs\":{}}}}}}\n"
},
"response": {
"took": 60,
"responses": [
{
"took": 60,
"timed_out": false,
"_shards": {
"total": 9,
"successful": 9,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 10000,
"relation": "gte"
},
"max_score": null,
"hits": []
},
"aggregations": {
"3": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"2": {
"buckets": [
{
"key_as_string": "1594968940000",
"key": 1594968940000,
"doc_count": 8
},
{
"key_as_string": "1594969080000",
"key": 1594969080000,
"doc_count": 6
}
]
},
"key": "user",
"doc_count": 152
},
{
"2": {
"buckets": [
{
"key_as_string": "1594989320000",
"key": 1594989320000,
"doc_count": 0
},
{
"key_as_string": "1594989340000",
"key": 1594989340000,
"doc_count": 0
},
{
"key_as_string": "1594989360000",
"key": 1594989360000,
"doc_count": 0
}
]
},
"key": "someone",
"doc_count": 1
},
{
"2": {
"buckets": [
{
"key_as_string": "1594989160000",
"key": 1594989160000,
"doc_count": 0
}
]
},
"key": "sip.consultant",
"doc_count": 6
},
{
"2": {
"buckets": [
{
"key_as_string": "1594989360000",
"key": 1594989360000,
"doc_count": 0
}
]
},
"key": "ANONYMOUS LOGON",
"doc_count": 44
}
]
}
},
"status": 200
}
],
"$$config": {
"url": "api/datasources/proxy/37/_msearch?max_concurrent_shard_requests=5",
"method": "POST",
"data": "{\"search_type\":\"query_then_fetch\",\"ignore_unavailable\":true,\"index\":\"winlogbeat-*\"}\n{\"size\":0,\"query\":{\"bool\":{\"filter\":[{\"range\":{\"@timestamp\":{\"gte\":1594967774313,\"lte\":1594989374313,\"format\":\"epoch_millis\"}}},{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.module:security AND host.hostname: (\\\"GFHSVRINETAPP\\\" OR \\\"GFHSVRINETDB\\\")\"}}]}},\"aggs\":{\"3\":{\"terms\":{\"field\":\"user.name\",\"size\":500,\"order\":{\"_key\":\"desc\"},\"min_doc_count\":1},\"aggs\":{\"2\":{\"date_histogram\":{\"interval\":\"20s\",\"field\":\"@timestamp\",\"min_doc_count\":0,\"extended_bounds\":{\"min\":1594967774313,\"max\":1594989374313},\"format\":\"epoch_millis\"},\"aggs\":{}}}}}}\n"
}
}
}Regards, Fadjar Tandabawana
raulsperoni
commented
4 years ago Sorry, there is a "Data" tab in query inspector that would be more useful
fadjar340
commented
4 years ago Below is the data..
raulsperoni
commented
4 years ago I think the second group by shouldn't be there. Also I'm not seeing any text column. This are my settings, for testing pourposes you can try the "Transform" tab next to "Query" to shape your data.
fadjar340
commented
4 years ago Yes.... It's works...
You can close this issue..
Thank you very much
Regards, Fadjar Tandabawana
I use latest Grafana 7.1.0 and latest magnesium-wordcloud=panel and I got e.series[n.series_index] is undefined and the panel didn't work. I saw that the data was hit and reply the result, but no result in the panel
Please advice...
Regards, Fadjar Tandabawana