bc4ad271f1
* [Maps] connecting to EMS docs * remove un-related test file * worked with gchaps to make much better * simplify disable intro * feedback * add optional flag back to step
95 lines
2.3 KiB
Text
95 lines
2.3 KiB
Text
[role="xpack"]
|
|
[[terms-join]]
|
|
=== Terms join
|
|
|
|
Terms joins use a shared key to combine the results of an Elasticsearch terms aggregation and vector features.
|
|
You can augment vector features with property values that symbolize features and provide richer tooltip content.
|
|
|
|
[role="screenshot"]
|
|
image::maps/images/terms_join.png[]
|
|
|
|
Follow the example below to understand how *Terms joins* work.
|
|
This example uses https://www.elastic.co/elastic-maps-service[Elastic Maps Service (EMS)] World Countries as the vector source and
|
|
the Kibana sample data set "Sample web logs" as the Elasticsearch index.
|
|
|
|
Example feature from World Countries:
|
|
--------------------------------------------------
|
|
{
|
|
geometry: {
|
|
coordinates: [...],
|
|
type: "Polygon"
|
|
},
|
|
properties: {
|
|
name: "Sweden",
|
|
iso2: "SE",
|
|
iso3: "SWE"
|
|
},
|
|
type: "Feature"
|
|
}
|
|
--------------------------------------------------
|
|
|
|
Example documents from Sample web logs:
|
|
--------------------------------------------------
|
|
{
|
|
bytes: 1837,
|
|
geo: {
|
|
src: "SE"
|
|
},
|
|
timestamp: "Feb 28, 2019 @ 07:23:08.754"
|
|
},
|
|
{
|
|
bytes: 971,
|
|
geo: {
|
|
src: "SE"
|
|
},
|
|
timestamp: "Feb 27, 2019 @ 08:10:45.205"
|
|
},
|
|
{
|
|
bytes: 4277,
|
|
geo: {
|
|
src: "SE"
|
|
},
|
|
timestamp: "Feb 21, 2019 @ 05:24:33.945"
|
|
},
|
|
{
|
|
bytes: 5624,
|
|
geo: {
|
|
src: "SE"
|
|
},
|
|
timestamp: "Feb 21, 2019 @ 04:57:05.921"
|
|
}
|
|
--------------------------------------------------
|
|
|
|
The JOIN configuration links the vector source "World Countries" to the Elasticsearch index "kibana_sample_data_logs"
|
|
on the shared key *iso2 = geo.src*.
|
|
[role="screenshot"]
|
|
image::maps/images/terms_join_shared_key_config.png[]
|
|
|
|
The METRICS configuration defines two metric aggregations:
|
|
the count of all documents in the terms bucket and
|
|
the average of the field "bytes" for all documents in the terms bucket.
|
|
[role="screenshot"]
|
|
image::maps/images/terms_join_metric_config.png[]
|
|
|
|
Example terms aggregation response:
|
|
--------------------------------------------------
|
|
{
|
|
aggregations: {
|
|
join: {
|
|
buckets: [
|
|
{
|
|
doc_count: 4,
|
|
key: "SE",
|
|
avg_of_bytes: {
|
|
value: 3177.25
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
--------------------------------------------------
|
|
|
|
Finally, the terms aggregation response is joined with the vector features.
|
|
[role="screenshot"]
|
|
image::maps/images/terms_join_tooltip.png[]
|