Multiple series: sub-aggregation + flatten transform
The essential pattern for working with an ES sub-aggregation (date_histogram → terms): flatten the nested buckets with flatten, then extract the key and the value with calculate. The buckets are supplied inline, in the ES response format.
Use case
Stacked areas showing log volume by level (info/warn/error) over time.
Prerequisites
Kibana 7.10+, Elasticsearch
Vega-Lite
{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "data": {
    "values": [
      { "key": "2026-06-08T08:00:00", "levels": { "buckets": [{ "key": "info", "doc_count": 420 }, { "key": "warn", "doc_count": 64 }, { "key": "error", "doc_count": 11 }] } },
      { "key": "2026-06-08T08:30:00", "levels": { "buckets": [{ "key": "info", "doc_count": 465 }, { "key": "warn", "doc_count": 58 }, { "key": "error", "doc_count": 9 }] } },
      { "key": "2026-06-08T09:00:00", "levels": { "buckets": [{ "key": "info", "doc_count": 510 }, { "key": "warn", "doc_count": 92 }, { "key": "error", "doc_count": 35 }] } },
      { "key": "2026-06-08T09:30:00", "levels": { "buckets": [{ "key": "info", "doc_count": 488 }, { "key": "warn", "doc_count": 130 }, { "key": "error", "doc_count": 88 }] } },
      { "key": "2026-06-08T10:00:00", "levels": { "buckets": [{ "key": "info", "doc_count": 530 }, { "key": "warn", "doc_count": 75 }, { "key": "error", "doc_count": 22 }] } },
      { "key": "2026-06-08T10:30:00", "levels": { "buckets": [{ "key": "info", "doc_count": 555 }, { "key": "warn", "doc_count": 61 }, { "key": "error", "doc_count": 12 }] } }
    ]
  },
  "transform": [
    { "flatten": ["levels.buckets"], "as": ["level"] },
    { "calculate": "datum.level.key", "as": "niveau" },
    { "calculate": "datum.level.doc_count", "as": "count" }
  ],
  "mark": "area",
  "encoding": {
    "x": { "field": "key", "type": "temporal", "title": null },
    "y": { "field": "count", "type": "quantitative", "stack": "zero" },
    "color": { "field": "niveau", "type": "nominal" }
  }
}
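The same spec wired to a live Elasticsearch query in Kibana's Vega editor instead of inline buckets. This is an added example, not part of the original recipe. The index pattern `logs-*`, the fields `@timestamp` and `log.level`, and the aggregation name `time_buckets` are assumptions to adapt to your data.

```hjson
{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "data": {
    "url": {
      // Apply the dashboard time range and filters to the query
      "%context%": true,
      // Assumed timestamp field used for the time range filter
      "%timefield%": "@timestamp",
      // Assumed index pattern
      "index": "logs-*",
      "body": {
        "size": 0,
        "aggs": {
          // Hypothetical name for the outer aggregation
          "time_buckets": {
            "date_histogram": { "field": "@timestamp", "fixed_interval": "30m" },
            "aggs": {
              // "levels" is the name flattened below; "log.level" is an assumed keyword field
              "levels": { "terms": { "field": "log.level", "size": 10 } }
            }
          }
        }
      }
    },
    // Hand Vega-Lite only the outer bucket array, the same shape as the inline values
    "format": { "property": "aggregations.time_buckets.buckets" }
  },
  "transform": [
    // One output row per (time bucket, level bucket) pair
    { "flatten": ["levels.buckets"], "as": ["level"] },
    { "calculate": "datum.level.key", "as": "niveau" },
    { "calculate": "datum.level.doc_count", "as": "count" }
  ],
  "mark": "area",
  "encoding": {
    // date_histogram returns "key" as epoch milliseconds, which the temporal type accepts
    "x": { "field": "key", "type": "temporal", "title": null },
    "y": { "field": "count", "type": "quantitative", "stack": "zero" },
    "color": { "field": "niveau", "type": "nominal" }
  }
}
```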