Untitled :: SIREN DOCS

X- and Y-axis aggregations

Y-axis aggregations

Metric aggregations

Count: The count aggregation returns a raw count of the elements in the selected index pattern.
Average: This aggregation returns the average of a numeric field. Select a field from the box.
Sum: The sum aggregation returns the total sum of a numeric field. Select a field from the box.
Min: The min aggregation returns the minimum value of a numeric field. Select a field from the box.
Max: The max aggregation returns the maximum value of a numeric field. Select a field from the box.
Standard Deviation: The extended stats aggregation returns the standard deviation of data in a numeric field. Select a field from the box.
Unique Count: The cardinality aggregation returns the number of unique values in a field. Select a field from the box.
Median: The Median (50th percentile) aggregation.
Percentiles: The percentile aggregation divides the values in a numeric field into percentile bands that you specify. Select a field from the box, then specify one or more ranges in the Percentiles fields. Click the X to remove a percentile field. Click + Add to add a percentile field.
Percentile Rank: The percentile ranks aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field from the box, then specify one or more percentile rank values in the Values fields. Click the X to remove a values field. Click +Add to add a values field.
Top Hit: The Top hit aggregation.
Geo Centroid: The Geo centroid aggregation.

Parent pipeline aggregations

For each of the parent pipeline aggregations you have to define the metric for which the aggregation is calculated. That could be one of your existing metrics or a new one. You can also nest these aggregations, for example to produce a third derivative.

Derivative: The derivative aggregation calculates the derivative of specific metrics.
Cumulative Sum: The cumulative sum aggregation calculates the cumulative sum of a specified metric in a parent histogram
Moving Fn: The moving fn aggregation will slide a window across the data and show the average value of that window
Serial Diff: The serial differencing is a technique where values in a time series are subtracted from itself at different time lags or period

Sibling pipeline aggregations

Just like with parent pipeline aggregations you need to provide a metric for which to calculate the sibling aggregation. On top of that you also need to provide a bucket aggregation which will define the buckets on which the sibling aggregation will run

Average Bucket: The avg bucket calculates the (mean) average value of a specified metric in a sibling aggregation
Sum Bucket: The sum bucket calculates the sum of values of a specified metric in a sibling aggregation
Min Bucket: The min bucket calculates the minimum value of a specified metric in a sibling aggregation
Max Bucket: The max bucket calculates the maximum value of a specified metric in a sibling aggregation

X-axis aggregations

Date Histogram: A date histogram is built from a numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days, weeks, months, or years. You can also specify a custom interval frame by selecting Custom as the interval and specifying a number and a time unit in the text field. Custom interval time units are s for seconds, m for minutes, h for hours, d for days, w for weeks, and y for years. Different units support different levels of precision, down to one second. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch. For example, the tool tip for a monthly interval will show the first day of the month.
Histogram: A standard histogram is built from a numeric field. Specify an integer interval for this field. Select the Show empty buckets check box to include empty intervals in the histogram.
Range: With a range aggregation, you can specify ranges of values for a numeric field. Click Add Range to add a set of range endpoints. Click the red (x) symbol to remove a range.
Date Range: A date range aggregation reports values that are within a range of dates that you specify. You can specify the ranges for the dates using _date math expressions. Click Add Range to add a set of range endpoints. Click the red (/) symbol to remove a range.
IPv4 Range: The IPv4 range aggregation enables you to specify ranges of IPv4 addresses. Click Add Range to add a set of range endpoints. Click the red (/) symbol to remove a range.
Terms: A terms aggregation enables you to specify the top or bottom _n elements of a given field to display, ordered by count or a custom metric.
Filters: You can specify a set of filters for the data. You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click Add Filter to add another filter. Click Label (image: 15d88cecb57c46.png[image]) to open the label field, where you can type in a name to display on the visualization.
Significant Terms: Displays the results of the experimental significant terms aggregation. The value of the Size parameter defines the number of entries this aggregation returns.
Geohash: Note: This aggregation is specific to the Coordinate Map and Enhanced Coordinate Map visualizations. The geohash aggregation displays points based on the geohash coordinates.
External query terms filter: A Siren Investigate aggregator where one can define one or more buckets based on a value in a record - typically, a value in a field marked as the unique value field - matching the results of an external query. Multiple such buckets, corresponding to multiple queries, can be defined. For more information see the query menu in the configuration. This displays the results of the external query terms filter aggregation.