def run(self, data, title='', supported_charts='table', field=None, order_field='count'): """Run the aggregation. Args: data: list of dict objects, each entry in the list is a dictionary, representing a single entry in the aggregation. title: string with the aggregation title. supported_charts: Chart type to render. Defaults to table. field: What field to aggregate on. order_field: The name of the field that is used for the order of items in the aggregation, defaults to "count". Returns: Instance of interface.AggregationResult with aggregation result. Raises: ValueError: data is not supplied. """ if not data: raise ValueError('Data is missing') self.title = title if not field: keys = set() for row in data: list(map(keys.add, row.keys())) keys.discard('count') keys.discard('bucket_name') if keys: field = list(keys)[0] else: field = 'count' # Encoding information for Vega-Lite. encoding = { 'x': { 'field': field, 'type': 'nominal', 'sort': { 'op': 'sum', 'field': order_field, 'order': 'descending' } }, 'y': { 'field': 'count', 'type': 'quantitative' } } return interface.AggregationResult(encoding=encoding, values=data, chart_type=supported_charts)
def run(self, data, title="", supported_charts="table", field=None, order_field="count"): """Run the aggregation. Args: data: list of dict objects, each entry in the list is a dictionary, representing a single entry in the aggregation. title: string with the aggregation title. supported_charts: Chart type to render. Defaults to table. field: What field to aggregate on. order_field: The name of the field that is used for the order of items in the aggregation, defaults to "count". Returns: Instance of interface.AggregationResult with aggregation result. Raises: ValueError: data is not supplied. """ if not data: raise ValueError("Data is missing") self.title = title if not field: keys = set() for row in data: list(map(keys.add, row.keys())) keys.discard("count") keys.discard("bucket_name") if keys: field = list(keys)[0] else: field = "count" # Encoding information for Vega-Lite. encoding = { "x": { "field": field, "type": "nominal", "sort": { "op": "sum", "field": order_field, "order": "descending" }, }, "y": { "field": "count", "type": "quantitative" }, } return interface.AggregationResult(encoding=encoding, values=data, chart_type=supported_charts)
def run(self, field, query_string='', query_dsl=''): """Run the aggregation. Args: field (str): this denotes the event attribute that is used for aggregation. query_string (str): the query field to run on all documents prior to aggregating the results. query_dsl (str): the query DSL field to run on all documents prior to aggregating the results. Either a query string or a query DSL has to be present. Returns: Instance of interface.AggregationResult with aggregation result. Raises: ValueError: if neither query_string or query_dsl is provided. """ if not (query_string or query_dsl): raise ValueError('Both query_string and query_dsl are missing') aggregation_spec = get_spec( field=field, query=query_string, query_dsl=query_dsl) # Encoding information for Vega-Lite. encoding = { 'x': { 'field': field, 'type': 'nominal', 'sort': { 'op': 'sum', 'field': 'count', 'order': 'descending' } }, 'y': {'field': 'count', 'type': 'quantitative'} } response = self.elastic_aggregation(aggregation_spec) aggregations = response.get('aggregations', {}) term_count = aggregations.get('term_count', {}) # If we are doing the aggregation of a specific term we have an extra # layer. if 'term_count' in term_count: term_count = term_count.get('term_count', {}) buckets = term_count.get('buckets', []) values = [] for bucket in buckets: d = { field: bucket.get('key', 'N/A'), 'count': bucket.get('doc_count', 0) } values.append(d) return interface.AggregationResult(encoding, values)
def run(self, field, limit=10): """Run the aggregation. Args: field: What field to aggregate. limit: How many buckets to return. Returns: Instance of interface.AggregationResult with aggregation result. """ self.field = field # Encoding information for Vega-Lite. encoding = { 'x': { 'field': field, 'type': 'nominal', 'sort': { 'op': 'sum', 'field': 'count', 'order': 'descending' } }, 'y': { 'field': 'count', 'type': 'quantitative' } } aggregation_spec = { 'aggs': { 'aggregation': { 'terms': { 'field': '{0:s}.keyword'.format(field), 'size': limit } } } } response = self.elastic_aggregation(aggregation_spec) aggregations = response.get('aggregations', {}) aggregation = aggregations.get('aggregation', {}) buckets = aggregation.get('buckets', []) values = [] for bucket in buckets: d = {field: bucket['key'], 'count': bucket['doc_count']} values.append(d) return interface.AggregationResult(encoding, values)
def run( self, field, limit=10, supported_charts="table", start_time="", end_time="", order_field="count", ): """Run the aggregation. Args: field: What field to aggregate on. limit: How many buckets to return. supported_charts: Chart type to render. Defaults to table. start_time: Optional ISO formatted date string that limits the time range for the aggregation. end_time: Optional ISO formatted date string that limits the time range for the aggregation. order_field: The name of the field that is used for the order of items in the aggregation, defaults to "count". Returns: Instance of interface.AggregationResult with aggregation result. """ self.field = field formatted_field_name = self.format_field_by_type(field) # Encoding information for Vega-Lite. encoding = { "x": { "field": field, "type": "nominal", "sort": { "op": "sum", "field": order_field, "order": "descending" }, }, "y": { "field": "count", "type": "quantitative" }, "tooltip": [ { "field": field, "type": "nominal" }, { "field": order_field, "type": "quantitative" }, ], } aggregation_spec = { "aggs": { "aggregation": { "terms": { "field": formatted_field_name, "size": limit } } } } aggregation_spec = self._add_query_to_aggregation_spec( aggregation_spec, start_time, end_time) response = self.opensearch_aggregation(aggregation_spec) aggregations = response.get("aggregations", {}) aggregation = aggregations.get("aggregation", {}) buckets = aggregation.get("buckets", []) values = [] for bucket in buckets: d = {field: bucket["key"], "count": bucket["doc_count"]} values.append(d) return interface.AggregationResult( encoding=encoding, values=values, chart_type=supported_charts, sketch_url=self._sketch_url, field=field, )
def run(self, field, limit=10, supported_charts='table', start_time='', end_time='', order_field='count'): """Run the aggregation. Args: field: What field to aggregate on. limit: How many buckets to return. supported_charts: Chart type to render. Defaults to table. start_time: Optional ISO formatted date string that limits the time range for the aggregation. end_time: Optional ISO formatted date string that limits the time range for the aggregation. order_field: The name of the field that is used for the order of items in the aggregation, defaults to "count". Returns: Instance of interface.AggregationResult with aggregation result. """ self.field = field formatted_field_name = self.format_field_by_type(field) # Encoding information for Vega-Lite. encoding = { 'x': { 'field': field, 'type': 'nominal', 'sort': { 'op': 'sum', 'field': order_field, 'order': 'descending' } }, 'y': { 'field': 'count', 'type': 'quantitative' }, 'tooltip': [{ 'field': field, 'type': 'nominal' }, { 'field': order_field, 'type': 'quantitative' }], } aggregation_spec = { 'aggs': { 'aggregation': { 'terms': { 'field': formatted_field_name, 'size': limit } } } } aggregation_spec = self._add_query_to_aggregation_spec( aggregation_spec, start_time, end_time) response = self.elastic_aggregation(aggregation_spec) aggregations = response.get('aggregations', {}) aggregation = aggregations.get('aggregation', {}) buckets = aggregation.get('buckets', []) values = [] for bucket in buckets: d = {field: bucket['key'], 'count': bucket['doc_count']} values.append(d) return interface.AggregationResult(encoding=encoding, values=values, chart_type=supported_charts, sketch_url=self._sketch_url, field=field)
def run(self, field, query_string='', query_dsl='', supported_charts='table', start_time='', end_time='', limit=10): """Run the aggregation. Args: field (str): this denotes the event attribute that is used for aggregation. query_string (str): the query field to run on all documents prior to aggregating the results. query_dsl (str): the query DSL field to run on all documents prior to aggregating the results. Either a query string or a query DSL has to be present. supported_charts: Chart type to render. Defaults to table. start_time: Optional ISO formatted date string that limits the time range for the aggregation. end_time: Optional ISO formatted date string that limits the time range for the aggregation. limit (int): How many buckets to return, defaults to 10. Returns: Instance of interface.AggregationResult with aggregation result. Raises: ValueError: if neither query_string or query_dsl is provided. """ if not (query_string or query_dsl): raise ValueError('Both query_string and query_dsl are missing') self.field = field formatted_field_name = self.format_field_by_type(field) aggregation_spec = get_spec(field=formatted_field_name, limit=limit, query=query_string, query_dsl=query_dsl) aggregation_spec = self._add_query_to_aggregation_spec( aggregation_spec, start_time=start_time, end_time=end_time) # Encoding information for Vega-Lite. encoding = { 'x': { 'field': field, 'type': 'nominal', 'sort': { 'op': 'sum', 'field': 'count', 'order': 'descending' } }, 'y': { 'field': 'count', 'type': 'quantitative' }, 'tooltip': [{ 'field': field, 'type': 'nominal' }, { 'field': 'count', 'type': 'quantitative' }], } response = self.elastic_aggregation(aggregation_spec) aggregations = response.get('aggregations', {}) aggregation = aggregations.get('aggregation', {}) buckets = aggregation.get('buckets', []) values = [] for bucket in buckets: d = { field: bucket.get('key', 'N/A'), 'count': bucket.get('doc_count', 0) } values.append(d) if query_string: extra_query_url = 'AND {0:s}'.format(query_string) else: extra_query_url = '' return interface.AggregationResult(encoding=encoding, values=values, chart_type=supported_charts, sketch_url=self._sketch_url, field=field, extra_query_url=extra_query_url)
def run( self, field, query_string="", query_dsl="", supported_charts="table", start_time="", end_time="", limit=10, ): """Run the aggregation. Args: field (str): this denotes the event attribute that is used for aggregation. query_string (str): the query field to run on all documents prior to aggregating the results. query_dsl (str): the query DSL field to run on all documents prior to aggregating the results. Either a query string or a query DSL has to be present. supported_charts: Chart type to render. Defaults to table. start_time: Optional ISO formatted date string that limits the time range for the aggregation. end_time: Optional ISO formatted date string that limits the time range for the aggregation. limit (int): How many buckets to return, defaults to 10. Returns: Instance of interface.AggregationResult with aggregation result. Raises: ValueError: if neither query_string or query_dsl is provided. """ if not (query_string or query_dsl): raise ValueError("Both query_string and query_dsl are missing") self.field = field formatted_field_name = self.format_field_by_type(field) aggregation_spec = get_spec( field=formatted_field_name, limit=limit, query=query_string, query_dsl=query_dsl, ) aggregation_spec = self._add_query_to_aggregation_spec( aggregation_spec, start_time=start_time, end_time=end_time ) # Encoding information for Vega-Lite. encoding = { "x": { "field": field, "type": "nominal", "sort": {"op": "sum", "field": "count", "order": "descending"}, }, "y": {"field": "count", "type": "quantitative"}, "tooltip": [ {"field": field, "type": "nominal"}, {"field": "count", "type": "quantitative"}, ], } response = self.opensearch_aggregation(aggregation_spec) aggregations = response.get("aggregations", {}) aggregation = aggregations.get("aggregation", {}) buckets = aggregation.get("buckets", []) values = [] for bucket in buckets: d = {field: bucket.get("key", "N/A"), "count": bucket.get("doc_count", 0)} values.append(d) if query_string: extra_query_url = "AND {0:s}".format(query_string) else: extra_query_url = "" return interface.AggregationResult( encoding=encoding, values=values, chart_type=supported_charts, sketch_url=self._sketch_url, field=field, extra_query_url=extra_query_url, )