I have two queries, each of which returns a (for my case) correct aggregation.
POST /my_target_0001/_search
{
  "query": {
    "term": {
      "locked": true
    }
  },
  "aggs": {
    "abc_per_day": {
      "date_histogram": {
        "field": "lastModified",
        "calendar_interval": "day",
        "format": "yyyy-MM-dd"
      }
    }
  }
}
and
POST /my_target_0002/_search
{
  "aggs": {
    "xyz_per_day": {
      "date_histogram": {
        "field": "lastModified",
        "calendar_interval": "day",
        "format": "yyyy-MM-dd"
      }
    }
  }
}
As you can see, the data is aggregated by day. Now I want to display a histogram which shows me the quotient of abc and xyz for each bucket of the same day. As far as I understand, I need two steps to finally visualize the data: first build a query which returns what I want, and secondly put it somewhere in the visualization. So therefore I have two questions:
How do I combine the two queries in order to get the result described above?
How do I build a visualization from the query result?
I'm pretty new to Elasticsearch and Kibana.
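The "combine the two queries" step done client-side, as an added example that is not part of the question or the answer: the two request bodies from the question are rebuilt by a small helper, and the two responses are constructed sample data shaped like Elasticsearch date_histogram results (not real output). The merge joins the daily buckets on their formatted date key, fills a day that only one side reports with 0, and returns None instead of raising when the xyz count for a day is 0, so one empty day does not break the whole series.

```python
"""
Merge two date_histogram aggregations into one per-day ratio series.
Added example, not the question author's or the answer author's code.
Index, field and aggregation names come from the question; the two
response payloads are CONSTRUCTED sample data, not real cluster output.
"""
from typing import Dict, List, Optional


def date_histogram_query(agg_name: str, query: Optional[dict] = None) -> dict:
    """Build one of the question's request bodies: a daily date_histogram
    on lastModified, optionally restricted by a query (the abc query filters
    on locked=true, the xyz query has no filter)."""
    body = {
        "aggs": {
            agg_name: {
                "date_histogram": {
                    "field": "lastModified",
                    "calendar_interval": "day",
                    "format": "yyyy-MM-dd",
                }
            }
        }
    }
    if query is not None:
        body["query"] = query
    return body


# Request bodies exactly as in the question (POST /my_target_0001/_search
# and POST /my_target_0002/_search respectively).
ABC_QUERY = date_histogram_query("abc_per_day", {"term": {"locked": True}})
XYZ_QUERY = date_histogram_query("xyz_per_day")

# CONSTRUCTED sample responses: only the fields the merge needs.
# Note the deliberately awkward days: 03-02 has no abc hits, 03-03 has no
# xyz hits, and 03-04 is missing from the abc histogram entirely.
ABC_RESPONSE = {
    "aggregations": {
        "abc_per_day": {
            "buckets": [
                {"key_as_string": "2023-03-01", "doc_count": 4},
                {"key_as_string": "2023-03-02", "doc_count": 0},
                {"key_as_string": "2023-03-03", "doc_count": 9},
            ]
        }
    }
}
XYZ_RESPONSE = {
    "aggregations": {
        "xyz_per_day": {
            "buckets": [
                {"key_as_string": "2023-03-01", "doc_count": 8},
                {"key_as_string": "2023-03-02", "doc_count": 5},
                {"key_as_string": "2023-03-03", "doc_count": 0},
                {"key_as_string": "2023-03-04", "doc_count": 2},
            ]
        }
    }
}


def bucket_counts(response: dict, agg_name: str) -> Dict[str, int]:
    """Map each bucket's formatted date key (yyyy-MM-dd) to its doc_count."""
    buckets = response["aggregations"][agg_name]["buckets"]
    return {b["key_as_string"]: b["doc_count"] for b in buckets}


def ratio_per_day(numerator: Dict[str, int],
                  denominator: Dict[str, int]) -> List[dict]:
    """Join the two daily series on the date key.

    A day present in only one series is kept, with the missing side
    counted as 0. A zero denominator yields ratio None rather than
    raising ZeroDivisionError, so the chart shows a gap for that day
    instead of the whole computation failing.
    """
    days = sorted(set(numerator) | set(denominator))
    rows = []
    for day in days:
        abc = numerator.get(day, 0)
        xyz = denominator.get(day, 0)
        rows.append({"day": day, "abc": abc, "xyz": xyz,
                     "ratio": (abc / xyz) if xyz else None})
    return rows


if __name__ == "__main__":
    series = ratio_per_day(bucket_counts(ABC_RESPONSE, "abc_per_day"),
                           bucket_counts(XYZ_RESPONSE, "xyz_per_day"))
    for row in series:
        print(f'{row["day"]}  abc={row["abc"]:>3}  xyz={row["xyz"]:>3}  '
              f'ratio={row["ratio"]}')
```

The same merge works unchanged on real responses once ABC_RESPONSE and XYZ_RESPONSE are replaced by the JSON returned for ABC_QUERY and XYZ_QUERY; the only assumption is that both histograms use the same calendar_interval and format, so that the date keys line up.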
CodePudding user response:
Tldr;
You will have to use kibana's Timelion visualisation.
visualize library -> create visualization -> Aggregation based -> Timelion
Example
In this case I am using the same index twice but feel free to use yours.
I am plotting, over time, the ratio between the average number of bytes and the max number of bytes per bucket.
.es(index=kibana_sample_data_logs,
    timefield='@timestamp',
    metric='avg:bytes')
.divide(
    .es(index=kibana_sample_data_logs,
        timefield='@timestamp',
        metric='max:bytes'))