Aggregation of values in an array of nested objects

I am trying to solve an issue with nested objects and I would like your help.

An event like this is sent to Elasticsearch:

{
  "proxy_steps": [
    {
      "category": "build_proxy_request",
      "elapsed_sec": 4
    },
    {
      "category": "process_rewrite",
      "elapsed_sec": 9
    },
    {
      "category": "rewrite_authentication",
      "elapsed_sec": 1
    },
    {
      "category": "rewrite_authorization",
      "elapsed_sec": 9
    },
    {
      "category": "rewrite_check_flags",
      "elapsed_sec": 7
    },
    {
      "category": "rewrite_rule_evaluation",
      "elapsed_sec": 2
    },
    {
      "category": "rewrite_rule_evaluation",
      "elapsed_sec": 8
    },
    {
      "category": "proxy_response",
      "elapsed_sec": 5
    }
  ]
}

I would like to show it in a visualization aggregating the elapsed_sec average per category. For example, the rewrite_rule_evaluation average would be 5.

I know it works in Elasticsearch but I couldn't make it work in Kibana. Kibana doesn't support aggregations of nested objects, as per the documentation at https://www.elastic.co/guide/en/kibana/5.5/nested-objects.html. But I am wondering if there is a way to do it with scripted aggregations.

Can anyone help?

Hey @ivanjunckes, I'm not aware of a way to use scripted aggregations to get around the nested objects limitations, and we generally recommend denormalizing your data in these situations.
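The denormalization recommended in the reply above, as an added example that is not part of the original thread: each element of proxy_steps becomes its own flat document, so an ordinary terms + average aggregation on category and elapsed_sec works in Kibana. The function names, the request_id parent field and the step_index field are assumptions made for illustration, and the sample event is constructed from the one in the question.

```python
from collections import defaultdict

# Constructed sample, shortened from the event in the question.
# "request_id" is a hypothetical parent field showing how parent context is kept.
SAMPLE_EVENT = {
    "request_id": "req-0001",
    "proxy_steps": [
        {"category": "build_proxy_request", "elapsed_sec": 4},
        {"category": "rewrite_rule_evaluation", "elapsed_sec": 2},
        {"category": "rewrite_rule_evaluation", "elapsed_sec": 8},
        {"category": "proxy_response", "elapsed_sec": 5},
    ],
}


def denormalize(event, array_field="proxy_steps"):
    """Return one flat document per array element, copying the parent's other fields."""
    parent = {k: v for k, v in event.items() if k != array_field}
    docs = []
    for position, step in enumerate(event.get(array_field) or []):
        if not isinstance(step, dict):
            continue  # skip malformed entries instead of dropping the whole event
        doc = dict(parent)
        doc.update(step)  # on a name clash the step's value wins
        doc["step_index"] = position  # hypothetical field: preserves step order
        docs.append(doc)
    return docs


def average_by_category(docs):
    """Local check of what a terms(category) + avg(elapsed_sec) aggregation returns."""
    totals = defaultdict(lambda: [0.0, 0])
    for doc in docs:
        value = doc.get("elapsed_sec")
        if "category" not in doc or not isinstance(value, (int, float)):
            continue  # documents missing either field do not contribute
        totals[doc["category"]][0] += value
        totals[doc["category"]][1] += 1
    return {cat: total / count for cat, (total, count) in totals.items()}


if __name__ == "__main__":
    flat_docs = denormalize(SAMPLE_EVENT)
    for category, avg in sorted(average_by_category(flat_docs).items()):
        print(category, avg)
```

Index the documents returned by denormalize() instead of the original event; the trade-off is more documents and duplicated parent fields in exchange for aggregations that need no nested mapping.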
