Appending a result from a search to the result of another search

perbejder · December 15, 2021, 11:02am

Hi

I have two indexes.
One with data from our Windows servers and another with information from our CMDB.

I want to make a count of servers that have send data to Elastic within the last 24 hours from the Windows index and divide that count with a count of servers in the CMDB index

Something like ((Count of active servers in Windows index / Count of Servers from CMDB) * 100) = “% of know servers that did send data”

I haven’t found any way to do it in Kibana, but being new to Elastic there might be other ways to this.

Best regards
Per Bejder

flash1293 · December 15, 2021, 11:51am

You can create an index pattern which includes both indices (windows-data,cmdb-data), then create a visualization which filters on the _index field). You can calculate the ratio using Lens formula: Create visualizations with Lens | Kibana Guide [7.16] | Elastic

unique_count(server.id, kql="_index:windows-data")/unique_count(server.id, kql="_index:cmdb-data")

perbejder · December 15, 2021, 12:10pm

Thanks - I will test that

Topic		Replies	Views
Kibana Calculation of a particular row under a particular column Kibana	2	152	January 24, 2023
Visualize calculation on search results Kibana	3	288	July 24, 2018
How is possible to combine indexes in a visualization? Kibana	6	6942	July 6, 2017
Visualization from two indexes Kibana	6	5737	January 12, 2020
Combining 2 index to visualize data in Kibana Kibana	5	914	February 6, 2018

Appending a result from a search to the result of another search

Related topics