Chart with filtering by function on attribute

Hello, let's say I have temperature readings from devices:

{dev_id, time, temperature}

I would like to do two things:

  1. Show number of readings that have temperature greater than average temperature.
  2. Show number of devices that have temperature greater than average temperature.

I was thinking about using timelion's "if" function but as I understand it, it is for filtering computed aggregates, where I would like to filter the "RAW" events before I apply aggregations on them.

Any ideas how I can approach the problem?

Best I know there isn't a way to filter by the result of an aggregation (in this case an average aggregation). You might be able to get part of the way with the percentiles metric, which could show you things like how many readings are in the 50th percentile, but I'm not 100% sure that's what you're looking for...

Thank you for the reply. Would it be possible to have that percentile computed on device not event level?

I mean, let's say I have events of logging into the system. If the login was successful I have "success:1", otherwise 0.
Is it possible to somehow show the distribution of users by success rate?

In SQL I would do something like:

select avg(success) from events group by user_id

And then draw a histogram from the distribution of users or show multiple percentiles, but I'm somehow not able to translate it to Kibana's visualisation. Grouping by terms only allows grouping by a fixed number of them. I feel like I'm missing something simple here.
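
The two-stage aggregation asked about above (average per user, then a distribution across users), as an added example that is not part of the original thread. It builds an Elasticsearch search body using the `terms`, `avg` and `percentiles_bucket` aggregations and computes the same two stages locally on constructed events. The function names and the sample events are assumptions; `user_id` and `success` are the fields from the post. This is a search request, not a Kibana visualisation.

```python
from collections import defaultdict

def success_rate_query(user_field="user_id", flag_field="success", max_users=10000):
    """Search body: stage 1 averages the flag per user, stage 2 takes
    percentiles across the per-user averages (not across raw events)."""
    return {
        "size": 0,  # aggregations only, no hits
        "aggs": {
            "by_user": {
                # Assumption: fewer than max_users distinct users; terms
                # returns only the top `size` buckets, the rest are dropped.
                "terms": {"field": user_field, "size": max_users},
                "aggs": {"success_rate": {"avg": {"field": flag_field}}},
            },
            "rate_percentiles": {
                "percentiles_bucket": {
                    "buckets_path": "by_user>success_rate",
                    "percents": [5, 25, 50, 75, 95],
                }
            },
        },
    }

def users_by_success_rate(events, bucket_width=0.25):
    """The same two stages computed locally: per-user rate, then a
    histogram counting users (not events) in each rate bucket."""
    totals = defaultdict(lambda: [0, 0])  # user -> [successes, attempts]
    for e in events:
        totals[e["user_id"]][0] += e["success"]
        totals[e["user_id"]][1] += 1
    rates = {u: s / n for u, (s, n) in totals.items()}
    histogram = defaultdict(int)
    last = int(1 / bucket_width) - 1  # a rate of exactly 1.0 goes in the top bucket
    for r in rates.values():
        histogram[min(int(r / bucket_width), last) * bucket_width] += 1
    return rates, dict(sorted(histogram.items()))

# Constructed sample events (not from the thread).
SAMPLE = [
    {"user_id": "alice", "success": 1}, {"user_id": "alice", "success": 1},
    {"user_id": "bob", "success": 0}, {"user_id": "bob", "success": 1},
    {"user_id": "carol", "success": 0}, {"user_id": "carol", "success": 0},
    {"user_id": "carol", "success": 0}, {"user_id": "carol", "success": 1},
]

if __name__ == "__main__":
    print(users_by_success_rate(SAMPLE))
```

Users in the lowest-rate buckets are the ones failing most of their login attempts, which is the per-user view the event-level percentiles metric cannot give.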
