Aggregate terms in kibana and how stored this?


(Tatiana) #1

From the total number of documents, it is necessary to calculate the number (top) of documents for the selected parameter and the top 10% for the same criterion. And then use these metrics for the terms in the table in the total share. How can I do this in the widow widget (table)?


(Jon Budzenski) #2

You can do this with a top hits metric aggregation (for top documents), and a percentile ranks metric aggregation. Can you share what you have so far?

The calculation part may need to be done with a scripted field.


(Tatiana) #3

For example, there is
Host1 - number of visits - visits with the top 10% ip
Host2 - number of visits - visits with the top 10% ip
Host3 - number of visits - visits with the top 10% ip
....
HostN - number of visits - visits with the top 10% ip

Those. the top 10% ip indicator should be dynamic (depends on the selected time filter) and common to all Hosts. How to calculate this total indicator is not for each Hosts separately, but in general. To build, use the widget table in kibana.
And from this number the percentage should be calculated, in percentage - the percentage of visits with the top 10% ip


(Jon Budzenski) #4

I see. I'm not sure that it's possible, it may require some experimenting.

The first column is a terms aggregation on the fields containing host. the second column is a metric on document count. The last column sounds like it would need to be scripted, but I can't think of a way to make it work. To clarify, you want it to display an ip address at the end?


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.