- 최신
- 최다 투표
- 가장 많은 댓글
You can visualise in 'Stacked area' or 'Line' graph, when you use the bin() function. Hence, you were able to get the stacked area chart in your second query only.
For queries, where you group by fieldName and not use
bin()function, stacked area and line charts cannot be visualised. Such queries generate bar charts only. This restriction is mentioned on AWS documentation here.
To be able to plot a stacked area chart with grouping for different fields - you can modify the query to include aggregation across the fields' possible values in your stats statement. This can be done by having different taskName(s) specified across the function you use for aggregation.
For example, in the query below I have used sum() function across different taskName(s):
fields @message
| parse @message "[*] something*,*" as hash, taskName, restOfMessage
| display @timestamp, taskName, restOfMessage
| filter ispresent(taskName)
| stats sum(taskName = 'task1') as task1, sum(taskName = 'task2') as task2, sum(taskName = 'task3') as task3 by bin(30s)
Change the above query accordingly to include as many taskName(s) necessary, and by using the appropriate values for taskName (task1, task2 etc.) in the sum() function's attributes.
This should allow for a stacked area chart to show up, with stacks for each different taskName. Hope this workaround helps!
