I am trying to display NetFlow data in a Sankey diagram with Kibana. In Kibana 6.X and Elasticsearch 6.4 I can use the method described in the Sankey Vega Tutorial.
Now I want to achieve the same result with Kibana 5.6 and Elasticsearch 5.X, so I have installed the Vis Kibana plugin. The problem is with the query aggregation.
In Elastic 6 I can do:
    GET logstash-*/_search
    {
      "size": 0,
      "aggs": {
        "table": {
          "composite": {
            "size": 10,
            "sources": [
              {"stk1": {"terms": {"field": "srcip.keyword"}}},
              {"stk2": {"terms": {"field": "dstip.keyword"}}}
            ]
          }
        }
      }
    }
Composite aggregation is still in beta and not available in 5.X. So I'm looking for a way to achieve the same/similar usable result in 5.X.