Combining rows into one in Kibana

Ashootosh_Bhardwaj · September 20, 2018, 1:02pm

Hi, I have different types of data coming from 3 different servers.
Server One gives me : ID, StartTime1, EndTime1
Server Two Gives me : ID StartTime2, EndTime2
Server Three gives me: ID, StartTime3, EndTime3

In Elastic Search I am sending data as Logs_Server1, Logs_Server2 and Logs_Server3 and I created Index Logs* which now has all the data.

I would like to know if there is a way to combine this data? So that I can see it like below in Kibana:

ID, StartTime1, StartTime2, StartTime3, EndTime1, EndTime2, EndTime3.

Everything in a single row for Single ID?

Regards,
Ashootosh

Ashootosh_Bhardwaj · September 21, 2018, 1:43am

I will really appreciate any help or direction to resolve this problem!

tsullivan · September 22, 2018, 3:31am

This looks kind of like what a left join would do in SQL, which Elasticsearch does not support. If ID is a shared key across multiple documents, what you could do is aggregate on all the IDs and get information like how much data exists per ID or some stats per ID, such as min start time or max end time.

system · October 20, 2018, 3:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to combine data from different index in one view while viewing in kibana? Elasticsearch	8	2028	November 2, 2021
How to combine 2 log entries to show in one line of Data Table based on a common field? Kibana	5	4326	March 26, 2020
Combining (grouping) two records as one in Kibana Discover Kibana	3	1202	April 12, 2021
Combine data from multiple rows based on aggregation Kibana	7	907	March 19, 2021
Combine queries on different indices in kibana Kibana	2	265	April 25, 2019

Combining rows into one in Kibana

Related Topics