def run(self,
data,
title='',
supported_charts='table',
field=None,
order_field='count'):
"""Run the aggregation.
Args:
data: list of dict objects, each entry in the list is a
dictionary, representing a single entry in the aggregation.
title: string with the aggregation title.
supported_charts: Chart type to render. Defaults to table.
field: What field to aggregate on.
order_field: The name of the field that is used for the order
of items in the aggregation, defaults to "count".
Returns:
Instance of interface.AggregationResult with aggregation result.
Raises:
ValueError: data is not supplied.
"""
if not data:
raise ValueError('Data is missing')
self.title = title
if not field:
keys = set()
for row in data:
list(map(keys.add, row.keys()))
keys.discard('count')
keys.discard('bucket_name')
if keys:
field = list(keys)[0]
else:
field = 'count'
# Encoding information for Vega-Lite.
encoding = {
'x': {
'field': field,
'type': 'nominal',
'sort': {
'op': 'sum',
'field': order_field,
'order': 'descending'
}
},
'y': {
'field': 'count',
'type': 'quantitative'
}
}
return interface.AggregationResult(encoding=encoding,
values=data,
chart_type=supported_charts)
def run(self,
data,
title="",
supported_charts="table",
field=None,
order_field="count"):
"""Run the aggregation.
Args:
data: list of dict objects, each entry in the list is a
dictionary, representing a single entry in the aggregation.
title: string with the aggregation title.
supported_charts: Chart type to render. Defaults to table.
field: What field to aggregate on.
order_field: The name of the field that is used for the order
of items in the aggregation, defaults to "count".
Returns:
Instance of interface.AggregationResult with aggregation result.
Raises:
ValueError: data is not supplied.
"""
if not data:
raise ValueError("Data is missing")
self.title = title
if not field:
keys = set()
for row in data:
list(map(keys.add, row.keys()))
keys.discard("count")
keys.discard("bucket_name")
if keys:
field = list(keys)[0]
else:
field = "count"
# Encoding information for Vega-Lite.
encoding = {
"x": {
"field": field,
"type": "nominal",
"sort": {
"op": "sum",
"field": order_field,
"order": "descending"
},
},
"y": {
"field": "count",
"type": "quantitative"
},
}
return interface.AggregationResult(encoding=encoding,
values=data,
chart_type=supported_charts)
def run(self, field, query_string='', query_dsl=''):
"""Run the aggregation.
Args:
field (str): this denotes the event attribute that is used
for aggregation.
query_string (str): the query field to run on all documents prior to
aggregating the results.
query_dsl (str): the query DSL field to run on all documents prior
to aggregating the results. Either a query string or a query
DSL has to be present.
Returns:
Instance of interface.AggregationResult with aggregation result.
Raises:
ValueError: if neither query_string or query_dsl is provided.
"""
if not (query_string or query_dsl):
raise ValueError('Both query_string and query_dsl are missing')
aggregation_spec = get_spec(
field=field, query=query_string, query_dsl=query_dsl)
# Encoding information for Vega-Lite.
encoding = {
'x': {
'field': field,
'type': 'nominal',
'sort': {
'op': 'sum',
'field': 'count',
'order': 'descending'
}
},
'y': {'field': 'count', 'type': 'quantitative'}
}
response = self.elastic_aggregation(aggregation_spec)
aggregations = response.get('aggregations', {})
term_count = aggregations.get('term_count', {})
# If we are doing the aggregation of a specific term we have an extra
# layer.
if 'term_count' in term_count:
term_count = term_count.get('term_count', {})
buckets = term_count.get('buckets', [])
values = []
for bucket in buckets:
d = {
field: bucket.get('key', 'N/A'),
'count': bucket.get('doc_count', 0)
}
values.append(d)
return interface.AggregationResult(encoding, values)
def run(self, field, limit=10):
"""Run the aggregation.
Args:
field: What field to aggregate.
limit: How many buckets to return.
Returns:
Instance of interface.AggregationResult with aggregation result.
"""
self.field = field
# Encoding information for Vega-Lite.
encoding = {
'x': {
'field': field,
'type': 'nominal',
'sort': {
'op': 'sum',
'field': 'count',
'order': 'descending'
}
},
'y': {
'field': 'count',
'type': 'quantitative'
}
}
aggregation_spec = {
'aggs': {
'aggregation': {
'terms': {
'field': '{0:s}.keyword'.format(field),
'size': limit
}
}
}
}
response = self.elastic_aggregation(aggregation_spec)
aggregations = response.get('aggregations', {})
aggregation = aggregations.get('aggregation', {})
buckets = aggregation.get('buckets', [])
values = []
for bucket in buckets:
d = {field: bucket['key'], 'count': bucket['doc_count']}
values.append(d)
return interface.AggregationResult(encoding, values)
def run(
self,
field,
limit=10,
supported_charts="table",
start_time="",
end_time="",
order_field="count",
):
"""Run the aggregation.
Args:
field: What field to aggregate on.
limit: How many buckets to return.
supported_charts: Chart type to render. Defaults to table.
start_time: Optional ISO formatted date string that limits the time
range for the aggregation.
end_time: Optional ISO formatted date string that limits the time
range for the aggregation.
order_field: The name of the field that is used for the order
of items in the aggregation, defaults to "count".
Returns:
Instance of interface.AggregationResult with aggregation result.
"""
self.field = field
formatted_field_name = self.format_field_by_type(field)
# Encoding information for Vega-Lite.
encoding = {
"x": {
"field": field,
"type": "nominal",
"sort": {
"op": "sum",
"field": order_field,
"order": "descending"
},
},
"y": {
"field": "count",
"type": "quantitative"
},
"tooltip": [
{
"field": field,
"type": "nominal"
},
{
"field": order_field,
"type": "quantitative"
},
],
}
aggregation_spec = {
"aggs": {
"aggregation": {
"terms": {
"field": formatted_field_name,
"size": limit
}
}
}
}
aggregation_spec = self._add_query_to_aggregation_spec(
aggregation_spec, start_time, end_time)
response = self.opensearch_aggregation(aggregation_spec)
aggregations = response.get("aggregations", {})
aggregation = aggregations.get("aggregation", {})
buckets = aggregation.get("buckets", [])
values = []
for bucket in buckets:
d = {field: bucket["key"], "count": bucket["doc_count"]}
values.append(d)
return interface.AggregationResult(
encoding=encoding,
values=values,
chart_type=supported_charts,
sketch_url=self._sketch_url,
field=field,
)
def run(self,
field,
limit=10,
supported_charts='table',
start_time='',
end_time='',
order_field='count'):
"""Run the aggregation.
Args:
field: What field to aggregate on.
limit: How many buckets to return.
supported_charts: Chart type to render. Defaults to table.
start_time: Optional ISO formatted date string that limits the time
range for the aggregation.
end_time: Optional ISO formatted date string that limits the time
range for the aggregation.
order_field: The name of the field that is used for the order
of items in the aggregation, defaults to "count".
Returns:
Instance of interface.AggregationResult with aggregation result.
"""
self.field = field
formatted_field_name = self.format_field_by_type(field)
# Encoding information for Vega-Lite.
encoding = {
'x': {
'field': field,
'type': 'nominal',
'sort': {
'op': 'sum',
'field': order_field,
'order': 'descending'
}
},
'y': {
'field': 'count',
'type': 'quantitative'
},
'tooltip': [{
'field': field,
'type': 'nominal'
}, {
'field': order_field,
'type': 'quantitative'
}],
}
aggregation_spec = {
'aggs': {
'aggregation': {
'terms': {
'field': formatted_field_name,
'size': limit
}
}
}
}
aggregation_spec = self._add_query_to_aggregation_spec(
aggregation_spec, start_time, end_time)
response = self.elastic_aggregation(aggregation_spec)
aggregations = response.get('aggregations', {})
aggregation = aggregations.get('aggregation', {})
buckets = aggregation.get('buckets', [])
values = []
for bucket in buckets:
d = {field: bucket['key'], 'count': bucket['doc_count']}
values.append(d)
return interface.AggregationResult(encoding=encoding,
values=values,
chart_type=supported_charts,
sketch_url=self._sketch_url,
field=field)
def run(self,
field,
query_string='',
query_dsl='',
supported_charts='table',
start_time='',
end_time='',
limit=10):
"""Run the aggregation.
Args:
field (str): this denotes the event attribute that is used
for aggregation.
query_string (str): the query field to run on all documents prior to
aggregating the results.
query_dsl (str): the query DSL field to run on all documents prior
to aggregating the results. Either a query string or a query
DSL has to be present.
supported_charts: Chart type to render. Defaults to table.
start_time: Optional ISO formatted date string that limits the time
range for the aggregation.
end_time: Optional ISO formatted date string that limits the time
range for the aggregation.
limit (int): How many buckets to return, defaults to 10.
Returns:
Instance of interface.AggregationResult with aggregation result.
Raises:
ValueError: if neither query_string or query_dsl is provided.
"""
if not (query_string or query_dsl):
raise ValueError('Both query_string and query_dsl are missing')
self.field = field
formatted_field_name = self.format_field_by_type(field)
aggregation_spec = get_spec(field=formatted_field_name,
limit=limit,
query=query_string,
query_dsl=query_dsl)
aggregation_spec = self._add_query_to_aggregation_spec(
aggregation_spec, start_time=start_time, end_time=end_time)
# Encoding information for Vega-Lite.
encoding = {
'x': {
'field': field,
'type': 'nominal',
'sort': {
'op': 'sum',
'field': 'count',
'order': 'descending'
}
},
'y': {
'field': 'count',
'type': 'quantitative'
},
'tooltip': [{
'field': field,
'type': 'nominal'
}, {
'field': 'count',
'type': 'quantitative'
}],
}
response = self.elastic_aggregation(aggregation_spec)
aggregations = response.get('aggregations', {})
aggregation = aggregations.get('aggregation', {})
buckets = aggregation.get('buckets', [])
values = []
for bucket in buckets:
d = {
field: bucket.get('key', 'N/A'),
'count': bucket.get('doc_count', 0)
}
values.append(d)
if query_string:
extra_query_url = 'AND {0:s}'.format(query_string)
else:
extra_query_url = ''
return interface.AggregationResult(encoding=encoding,
values=values,
chart_type=supported_charts,
sketch_url=self._sketch_url,
field=field,
extra_query_url=extra_query_url)
def run(
self,
field,
query_string="",
query_dsl="",
supported_charts="table",
start_time="",
end_time="",
limit=10,
):
"""Run the aggregation.
Args:
field (str): this denotes the event attribute that is used
for aggregation.
query_string (str): the query field to run on all documents prior to
aggregating the results.
query_dsl (str): the query DSL field to run on all documents prior
to aggregating the results. Either a query string or a query
DSL has to be present.
supported_charts: Chart type to render. Defaults to table.
start_time: Optional ISO formatted date string that limits the time
range for the aggregation.
end_time: Optional ISO formatted date string that limits the time
range for the aggregation.
limit (int): How many buckets to return, defaults to 10.
Returns:
Instance of interface.AggregationResult with aggregation result.
Raises:
ValueError: if neither query_string or query_dsl is provided.
"""
if not (query_string or query_dsl):
raise ValueError("Both query_string and query_dsl are missing")
self.field = field
formatted_field_name = self.format_field_by_type(field)
aggregation_spec = get_spec(
field=formatted_field_name,
limit=limit,
query=query_string,
query_dsl=query_dsl,
)
aggregation_spec = self._add_query_to_aggregation_spec(
aggregation_spec, start_time=start_time, end_time=end_time
)
# Encoding information for Vega-Lite.
encoding = {
"x": {
"field": field,
"type": "nominal",
"sort": {"op": "sum", "field": "count", "order": "descending"},
},
"y": {"field": "count", "type": "quantitative"},
"tooltip": [
{"field": field, "type": "nominal"},
{"field": "count", "type": "quantitative"},
],
}
response = self.opensearch_aggregation(aggregation_spec)
aggregations = response.get("aggregations", {})
aggregation = aggregations.get("aggregation", {})
buckets = aggregation.get("buckets", [])
values = []
for bucket in buckets:
d = {field: bucket.get("key", "N/A"), "count": bucket.get("doc_count", 0)}
values.append(d)
if query_string:
extra_query_url = "AND {0:s}".format(query_string)
else:
extra_query_url = ""
return interface.AggregationResult(
encoding=encoding,
values=values,
chart_type=supported_charts,
sketch_url=self._sketch_url,
field=field,
extra_query_url=extra_query_url,
)
