Query Elasticsearch from Grafana

mujina93 · May 14, 2020, 3:33pm

Hello,

I am trying to visualize some data in Grafana that I get from Elasicsearch.

I was able to add the data source and I am able to visualize simple things like the count time series for an index.

What I am not able to do is:

Group by successfully. I am trying to group by with “Terms” and selecting a keyword field (a keyword text field with name structure .keyword).
As soon as I do this, I get “No data” on my Grafana panel.

I also tried to copy the query from Query Inspector > Object > request > data (removing the first json with “search_type” and “index”, and taking the second, which contains the actual query in Query DSL for Elasticsearch) and to use it to make a GET request to elasticsearch.
When I do this, it works and returns the aggregated values. Unfortunately I am not able to edit the query in Grafana, nor to understand fully the additional fields that I find when opening the Query Inspector, nor to understand why specifying terms in the Group by UI gives me no data.

Understand what are the current capabilities of querying Elasticsearch through Grafana. I tried to input something with Lucene syntax in the open text field “Query” and I get some values. But I am not able to put there queries written in Query DSL (jsons) there. And I am struggling to find a decent guide with some examples that can help me understanding how to use this.
For example I am not able to answer simple questions like: “Is it possible to aggregate/group by using the Query field?”, “Are the Query field and the Metric + Group by fields 2 orthogonal ways to query data? Or can/should they be used together to structure a query?”.

Thank you in advance for your help.

[I am running Grafana 6.7.3 and Elasticsearch 7.7]

faolan0 · May 20, 2020, 9:25am

Hi,

Grouping by Terms should work, indeed with using the .keyword version of the field. (it is necessary to make elasticsearch and grafana talk nicely to eachother)
When working with elasticsearch setting the Metric field to ‘Logs’ or ‘Raw Document’ is necessary to actually parse the elasticsearch fields.
Grafana doesn’t support the Elasticsearch Query DSL. Only lucene queries.
So it’s indeed not possible to group your data with the query field.
Grouping and aggregations will have to be done in the grafana gui.

mujina93 · May 21, 2020, 1:41pm

Thank you.

Just a further question on the second point. What are you referring to exactly when suggesting that “grouping and aggregations will have to be done in the grafana gui”? Do you suggest to tweak the datasources to get something already aggregated?

faolan0 · May 22, 2020, 9:48am

You can use the group-by functions in the query panel.

And further process your data by using the Transform panel.

Maybe “doesn’t support” was poorly worded. Grafana will build up the query-dsl based on what you enter in the query panel with the ‘Metric’ and ‘Group by’ options.

The above screenshot will result in this query-dsl being fired against elasticsearch:

{
    "size": 0,
        "query": {
            "bool": {
                "filter": [
                    {
                        "range": {
                            "@timestamp": {
                                "gte": 1590118795217,
                                "lte": 1590140395217,
                                "format": "epoch_millis"
                            }
                        }
                    },
                    {
                        "query_string": {
                            "analyze_wildcard": true,
                            "query": "*"
                        }
                    }
                ]
            }
        },
        "aggs": {
            "3": {
                "terms": {
                    "field": "application.keyword",
                    "size": 10,
                    "order": {
                        "_term": "desc"
                    },
                    "min_doc_count": 0
                },
                "aggs": {
                    "2": {
                        "date_histogram": {
                            "interval": "15s",
                            "field": "@timestamp",
                            "min_doc_count": 0,
                            "extended_bounds": {
                                "min": 1590118795217,
                                "max": 1590140395217
                            },
                            "format": "epoch_millis"
                        },
                        "aggs": {}
                    }
                }
            }
        }
    }

Topic		Replies	Views
Group by Terms my_field.keyword	5	15018	December 1, 2021
How to use filter queries in elasticsearch Elasticsearch	0	3234	December 10, 2020
How to query elasticsearch in Grafana Elasticsearch	0	520	July 30, 2022
Elasticsearch - Multi query frame name Elasticsearch	0	271	July 5, 2023
Group by with Lucene queries (ElasticSearch) Dashboards	1	837	May 13, 2024

Query Elasticsearch from Grafana

Related Topics