2 events in 1 visualize data table

I gather events from application performance management (Dynatrace) to Elasticsearch.
I wanted to know if there is a possibility to combine 2 events, each with the same variable, and display them together under data table - visualize in Kibana, so that the table contains columns from the two events, with one field shared by both.

I'm not 100% sure I understand the use case, so let me try to restate it.

You have two events, each with a field that contains a matching value, say id. You want to combine the values of other fields in these two documents to create a single column in a data table? For example if you have two documents that look like:

{ id: 1, foo: "bar" }
{ id: 1, baz: "qux" }

You'd like a table that looks something like this:

id | foo-baz
-----------------
1  | "bar", "qux"

Is that correct?


No :)

The id:1 is in all events.
I want to show, in 1 data table, other fields from both events.
in event 1 fields
id 1
name oded
city nyc

event 2 fields
id 1
gender male

So in the data table I will see:

id | name | city | gender
--------------------------
1  | oded | nyc  | male

Ah I see. That'll prove to be difficult, Elasticsearch doesn't support joins. ES does have a parent/child feature, but Kibana doesn't support it yet. The usual way to get the view you want is to denormalize your data.

Depending on your data, you might be able to abuse the top_hits agg to accomplish your goal though. Create a new data table vis. For the bucket, do a terms agg on your ID field. For each field you want to display as a column add a "Top Hit" metric. Configure the size parameter of the Top Hit metric to equal the number of documents you expect to match each ID (I'll assume two, since that's the example you gave). For the Aggregate With parameter, choose Concatenate. You should end up with something like this:

If this workaround doesn't work for you, I think denormalization may be your only option at the moment.
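The denormalization suggested in the answer above can be done before indexing. The following is an added example, not part of the original thread: it merges events that share an `id` into one flat document and emits Elasticsearch bulk-API lines. The function names, the index name `events-denormalized`, the sample events and the assumption that field values are scalars are all made up for illustration.

```python
import json

# Constructed sample events, modelled on the fields used in this thread.
SAMPLE_EVENTS = [
    {"id": 1, "name": "oded", "city": "nyc"},
    {"id": 1, "gender": "male"},
    {"id": 2, "name": "dana", "city": "tlv"},
    {"id": 2, "city": "nyc"},      # conflicts with the previous city for id 2
    {"name": "orphan"},            # no id, so it cannot be joined
]

def denormalize(events, key="id"):
    """Merge events sharing `key` into one flat document per key value.

    Returns (merged_docs, skipped_events). Assumes scalar field values.
    """
    merged, skipped = {}, []
    for ev in events:
        if key not in ev:
            skipped.append(ev)     # report instead of dropping silently
            continue
        doc = merged.setdefault(ev[key], {key: ev[key]})
        for field, value in ev.items():
            if field == key:
                continue
            if field not in doc:
                doc[field] = value
            elif doc[field] != value:
                # Events disagree: keep every distinct value, similar in
                # effect to the Concatenate option of the Top Hit metric.
                seen = doc[field] if isinstance(doc[field], list) else [doc[field]]
                if value not in seen:
                    seen.append(value)
                doc[field] = seen
    return list(merged.values()), skipped

def to_bulk_ndjson(docs, index="events-denormalized", key="id"):
    """Render docs as bulk-API NDJSON, using the join key as the document _id."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index, "_id": str(doc[key])}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    docs, skipped = denormalize(SAMPLE_EVENTS)
    print(to_bulk_ndjson(docs), end="")
    print(f"skipped {len(skipped)} event(s) without an id")
```

With one document per `id`, a plain Kibana data table can show `name`, `city` and `gender` as ordinary columns without the Top Hit workaround.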
