user1880957

Reputation: 1226

Elasticsearch buckets on results of aggregation

I am using ELK 7.x. I would like a histogram or bar chart in Kibana on the results of an aggregation. As it's a bit abstract to explain, below is the equivalent SQL query.

select count(*) as no_of_docs, doc_type 
from documents
group by doc_type

15     pdf
21     doc
17     txt
 1     ppt

A histogram or any chart as below:

No of docs        Count of doc type 
(X-Axis)          (Y-Axis) 
1-10              1 [1 ppt occurrence in the 1-10 bucket]
11-20             2 [1 pdf, 1 txt occurrences in the 11-20 bucket]
21 and above      1 [1 doc occurrence in the 21 and above  bucket]

It may not be straightforward, but I do think it should be possible.

Upvotes: 0

Views: 101

Answers (1)

Kamal Kunjapur

Reputation: 8840

I've come up with the below mapping and documents and accordingly created a Vertical Bar visualizer.

Mapping:

PUT my_docs
{
  "mappings": {
    "properties": {
      "doc_type":{
        "type": "keyword"
      }
    }
  }
}

Documents:

POST my_docs/_doc/1
{
  "doc_type": "pdf"
}

POST my_docs/_doc/2
{
  "doc_type": "pdf"
}

POST my_docs/_doc/3
{
  "doc_type": "pdf"
}

POST my_docs/_doc/4
{
  "doc_type": "jpeg"
}

POST my_docs/_doc/5
{
  "doc_type": "jpeg"
}

POST my_docs/_doc/6
{
  "doc_type": "txt"
}

POST my_docs/_doc/7
{
  "doc_type": "txt"
}

Sample Query and Response:

POST /_sql?format=txt
{
    "query": "select count(*) as no_of_docs, doc_type from my_docs group by doc_type"
}

  no_of_docs   |   doc_type    
---------------+---------------
2              |jpeg           
3              |pdf            
2              |txt            

Kibana Visualizer:

Step 1:

The first thing you need to do is create an index pattern. You can check this link for how this can be done.

Basically, visit Management > Kibana > Index Patterns and add the index, i.e. my_docs.

Step 2:

  • Click on the Visualize button on the left side of Kibana
  • Once you do that, you should see Create new visualization
  • You should see various types of visualizer presented to you; scroll down and select the Vertical Bar visualizer
  • Now you should select the index on which this visualizer should be applied, i.e. the index my_docs. Note that if you haven't created an index pattern, this index will not show up.
  • Notice that the screen has already added doc_count as the Y-axis by default; all you need to do is configure the X-axis
  • Under the Buckets section, click on Add and select X-axis
  • Notice that X-axis gets selected and that the Aggregation field shows up.
  • Select Terms, and when you do that, select doc_type in the Field section.
  • Now click on the blue run button (it should show Apply Changes when you move your cursor over it) next to Panel Settings at the top of this section where you configure the fields.

Below is how the image appears for X-axis part:

enter image description here

Notice that your visualizer is ready. Below is how it appears on my machine for the above sample data:

enter image description here

Let me know if this helps!

Upvotes: 1
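
The second step the question describes, counting how many doc_type values fall into each document-count range, is shown here as an added example that is not part of either post: it re-buckets a terms-aggregation response on the client side in Python. The sample response is constructed from the counts in the question, and the aggregation name by_type, the request body and the function names are assumptions.

```python
# Added example: group the buckets of a terms aggregation by their doc_count.

# Request body for POST my_docs/_search that yields one bucket per doc_type.
# "by_type" is an assumed aggregation name; size is raised so no term is cut off.
TERMS_QUERY = {
    "size": 0,
    "aggs": {"by_type": {"terms": {"field": "doc_type", "size": 1000}}},
}

# Constructed sample response, reduced to the fields used below.
SAMPLE_RESPONSE = {
    "aggregations": {
        "by_type": {
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "doc", "doc_count": 21},
                {"key": "txt", "doc_count": 17},
                {"key": "pdf", "doc_count": 15},
                {"key": "ppt", "doc_count": 1},
            ],
        }
    }
}

# (inclusive lower bound, inclusive upper bound or None for open-ended, label)
RANGES = [(1, 10, "1-10"), (11, 20, "11-20"), (21, None, "21 and above")]


def bucket_counts(response, agg_name="by_type", ranges=RANGES):
    """Return {range label: [doc_type, ...]} for a terms-aggregation response."""
    agg = response["aggregations"][agg_name]
    # A non-zero value means some terms were left out, so the result would be wrong.
    if agg.get("sum_other_doc_count", 0):
        raise ValueError("terms aggregation was truncated; increase its size")
    result = {label: [] for _, _, label in ranges}
    for bucket in agg["buckets"]:
        count = bucket["doc_count"]
        for low, high, label in ranges:
            if count >= low and (high is None or count <= high):
                result[label].append(bucket["key"])
                break
    return result


def histogram(response, agg_name="by_type", ranges=RANGES):
    """Return {range label: number of doc_type values in that range}."""
    grouped = bucket_counts(response, agg_name, ranges)
    return {label: len(keys) for label, keys in grouped.items()}


if __name__ == "__main__":
    for label, n in histogram(SAMPLE_RESPONSE).items():
        print(f"{label:<14}{n}")
```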
