Aggregation with Counts of values

I have a dataset

[{"device":"aaa", "online":true,"site":"a"},
{"device":"bbb", "offline":true,"site":"a"},
{"device":"ccc", "online":true,"site":"b"},
{"device":"ddd", "online":true,"site":"b"}]

That I want to transform into a data table in Kibana as:
Site Online Offline
a 1 1
b 2 0

I have used Aggregations and have got it to:

Site Status Count
a online 1
a offline 1

Can someone guide me on how I could get to the format above? Thanks in advance.

Shiva

Hello @Shiva_Shankar_Jagann

It's going to be a bit difficult to guide you through the data table creation, but I'll try my best.

  1. Create a new data table for the index pattern which contains the dataset.

  2. On the "metrics" panel: choose "Unique count" as the aggregation and select device as the field.

  3. Go down to buckets and click on "split rows", select the "terms" aggregation and choose "site" as the field.

  4. Below that, push the "add buckets" button, and once again choose "split rows"; now select "Filters" as the aggregation, and in filter 1 input the following: "online:true", then push "add filter" and type in filter 2 "offline:false" (if you want, you can add a label).

  5. Click on the play button and check your visualization :slight_smile:

NOTE: Remember that in order to perform a terms aggregation you need to have the "site" field mapped as keyword.

I hope this helps :slight_smile:

I still get the format
Site Status Count
a online 1
a offline 1

This I was able to get with a simple aggregation over Siteid and

What I need is
Site Online Offline
a 1 1
b 2 0

for a dataset
[{"device":"aaa", "online":true,"site":"a"},
{"device":"bbb", "online":false,"site":"a"},
{"device":"ccc", "online":true,"site":"b"},
{"device":"ddd", "online":true,"site":"b"}]
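
The terms-plus-filters bucketing from the steps in the reply, written as a search request body and pivoted into the Site / Online / Offline layout asked for. This is an added example, not part of the original posts; it assumes the second dataset's boolean "online" field, keyword mappings for "site" and "device", and a constructed sample response.

```python
import json

# Request body for POST <index>/_search (index name is a placeholder).
# Assumes "site" and "device" are keyword fields and "online" is boolean.
QUERY = {
    "size": 0,
    "aggs": {"by_site": {
        "terms": {"field": "site"},
        "aggs": {"status": {
            # Named filters: each name becomes one column of the table.
            "filters": {"filters": {
                "online": {"term": {"online": True}},
                "offline": {"term": {"online": False}},
            }},
            # Equivalent of the "Unique count" metric on device.
            "aggs": {"devices": {"cardinality": {"field": "device"}}},
        }},
    }},
}

# Constructed response, in the shape a terms + named-filters aggregation returns.
SAMPLE_RESPONSE = {"aggregations": {"by_site": {"buckets": [
    {"key": "a", "doc_count": 2, "status": {"buckets": {
        "online": {"doc_count": 1, "devices": {"value": 1}},
        "offline": {"doc_count": 1, "devices": {"value": 1}}}}},
    {"key": "b", "doc_count": 2, "status": {"buckets": {
        "online": {"doc_count": 2, "devices": {"value": 2}},
        "offline": {"doc_count": 0, "devices": {"value": 0}}}}},
]}}}

def pivot(response, columns=("online", "offline")):
    """Turn the nested site/status buckets into one row per site."""
    rows = []
    for site in response["aggregations"]["by_site"]["buckets"]:
        status = site["status"]["buckets"]
        row = {"site": site["key"]}
        for col in columns:
            # A missing or empty filter bucket is reported as 0.
            row[col] = status.get(col, {}).get("devices", {}).get("value", 0)
        rows.append(row)
    return rows

def render(rows, columns=("online", "offline")):
    """Format the pivoted rows as a tab-separated table with a header."""
    lines = ["\t".join(["Site"] + [c.capitalize() for c in columns])]
    for r in rows:
        lines.append("\t".join([r["site"]] + [str(r[c]) for c in columns]))
    return "\n".join(lines)

if __name__ == "__main__":
    print(json.dumps(QUERY, indent=2))
    print(render(pivot(SAMPLE_RESPONSE)))
```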
