Given an ordered series of data, moving average aggregation slides a window over the data and emits an average of that window. For example, given data [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], we can calculate a simple moving average of window size 5 as follows:

(1 + 2 + 3 + 4 + 5) / 5 = 3
(2 + 3 + 4 + 5 + 6) / 5 = 4
(3 + 4 + 5 + 6 + 7) / 5 = 5
etc.

Moving averages are a simple way to smooth out sequential data. Moving averages are usually applied to time-based data, such as stock prices or server metrics. Smoothing can be used to eliminate high-frequency fluctuations or random noise, thus making low-frequency trends, such as seasonality, easier to visualize. Note that the moving average aggregation is a pipeline aggregation: it must take the result of another aggregation as its input and aggregate on top of it. If you are not familiar with pipeline aggregations, please see my previous article “Elasticsearch: Introduction to Pipeline Aggregation”.

Let’s use an example to illustrate how to use it. In addition, I will show how to customize Moving Average Aggregation in Kibana.

 

Preparing the data

In today’s presentation, we will use the data that comes with Kibana. Open Kibana:

Click the Add Data button:

Our index kibana_sample_data_logs is now loaded into Elasticsearch.

 

Create a Moving Average Aggregation

Open Kibana:

 

Select an appropriate time range in the Time Picker, then select Date Histogram for the X-axis and click Update. Let’s change the chart type from bar to line to make it easier to read. Click on Metrics & Axes:

We then add a second aggregation, the Moving Average aggregation. Click Data and add the second Y-axis:

Click the Update button above:

At the top, we can see another curve appear. It clearly shows the trend of the count. This Moving Average aggregation is calculated from the preceding count aggregation, that is, the number of documents in each bucket. The blue line is definitely smoother than the green line. If we want to know what request produced this curve, we can follow these steps:

Let’s first click on Inspect in the top left, and then View: Data:

Click on Request to see the exact request that was sent. Let’s click on the copy icon above and paste the content into the Console in Kibana:

From the above we can see that the moving_fn aggregation has configuration parameters: window and script. See the documentation at www.elastic.co/guide/en/el… for details. We can even configure the window parameter. From the above we can see that its default window size is 5. If we set it to 10, the curve would be smoother, but of course it would also filter out some details. How can we customize this Moving Average Aggregation to do that?

 

Custom Moving Average Aggregation

Let’s go to Advanced:

 

Then we set the window parameter to 10. The curve will then look something like this. This is obviously much smoother than the previous one.

Of course, we can even customize it further:

{
    "window": 10,
    "script": "MovingFunctions.linearWeightedAvg(values)"
}

For a description of linearWeightedAvg, see the official Elastic documentation. The linearWeightedAvg function assigns linear weights to points in the series, so that “older” data points (for example, those at the beginning of the window) contribute less to the total average. Linear weighting helps reduce the “lag” of the data mean because earlier points have less impact. As you can see from the diagram above, it shows a little more detail than the previous one.
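To see the effect of the window size and of linear weighting outside Kibana, here is an added example in Python (not code from this article or from Elasticsearch). It assumes the textbook linear weighting (oldest point has weight 1, newest has weight n) and evaluates full windows only; the function names and the sample counts are constructed for illustration.

```python
def simple_avg(values):
    """Unweighted mean of one window, as in the worked example at the top."""
    return sum(values) / len(values)


def linear_weighted_avg(values):
    """Textbook linear weighting (assumption): oldest weight 1, newest weight n."""
    weights = range(1, len(values) + 1)
    return sum(w * v for w, v in zip(weights, values)) / sum(weights)


def moving(series, window, fn):
    """Apply fn to every full window of the series, oldest window first."""
    return [fn(series[i - window:i]) for i in range(window, len(series) + 1)]


def spread(series):
    """Peak-to-peak amplitude: how much fluctuation survives the smoothing."""
    return max(series) - min(series)


def lag_to_midpoint(window, fn):
    """Buckets needed after a 100 -> 200 step before the average reaches 150."""
    step = [100] * window + [200] * window  # constructed bucket counts
    averaged = moving(step, window, fn)     # averaged[k] covers k post-step buckets
    return next(k for k, avg in enumerate(averaged) if avg >= 150)


# Constructed per-bucket counts that flip between 10 and 30 on every bucket.
NOISY = [10, 30] * 10

if __name__ == "__main__":
    # Windows of size 5 over 1..10, as in the example at the top of the page.
    print(moving(list(range(1, 11)), 5, simple_avg))
    for name, fn in (("simple", simple_avg), ("linear", linear_weighted_avg)):
        for window in (5, 10):
            smoothed = moving(NOISY, window, fn)
            print(f"{name:6} window={window:2} "
                  f"spread={spread(smoothed):5.2f} "
                  f"lag={lag_to_midpoint(window, fn)}")
```

On the alternating series the simple average with window 10 removes the fluctuation entirely, while the linearly weighted one keeps a small ripple and reaches the midpoint of the step one bucket earlier.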

Well, that’s all for today’s tutorial. I hope you learn something!