Hello Team,
I have a use-case of combining two documents (which have a similar timestamp for both records) based on the value of a particular field. Please go through the data pic in detail.
If you observe the data in line no. 1 and line no. 4, the device value and remote value are interchanged (client-server flow & server-client flow). I want to display similar output as line 5 (based on the value of the device field in one document, I want to check the value of Remote. If both are the same (equal), I want to display the (client-server flow) device, remote, app, protocol and add the values of bytes for the initial record and the matched record).
I can do it by adding extra logic in an API, process it and push it to the ES index as the way I wanted. But, I want to handle it in the Kibana side.
Is there any way I can do it in Kibana by writing script fields on top of the index pattern in Kibana (Index Management) / any alternative methods?
Thanks in advance.
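The record pairing the post describes, as an added Python example (not the poster's code), written as the preprocessing step the poster mentions doing before indexing, since a Kibana scripted field evaluates one document at a time and cannot read a second document. The field names device, remote, app, protocol and bytes follow the post; the sample records, the exact-timestamp match and keeping the first-seen record's direction as the client-server direction are assumptions.

```python
# Constructed sample records; the second DNS record has a different
# timestamp on purpose so the unmatched case is visible.
SAMPLE_RECORDS = [
    {"timestamp": "2020-01-01T00:00:00", "device": "10.0.0.5", "remote": "10.0.0.9",
     "app": "http", "protocol": "tcp", "bytes": 1200},
    {"timestamp": "2020-01-01T00:00:00", "device": "10.0.0.5", "remote": "10.0.0.7",
     "app": "dns", "protocol": "udp", "bytes": 90},
    {"timestamp": "2020-01-01T00:00:00", "device": "10.0.0.9", "remote": "10.0.0.5",
     "app": "http", "protocol": "tcp", "bytes": 4800},
    {"timestamp": "2020-01-01T00:00:01", "device": "10.0.0.7", "remote": "10.0.0.5",
     "app": "dns", "protocol": "udp", "bytes": 300},
]


def merge_bidirectional(records):
    """Pair each record with its reverse-direction partner (same timestamp,
    app and protocol; device and remote swapped) and emit one record that
    keeps the first-seen direction (assumed to be client->server) with the
    bytes of both records summed. Records with no partner are emitted as-is.
    Assumption: timestamps must match exactly; loosen the key if the
    two directions are logged a few milliseconds apart."""
    pending = {}  # flow key -> index in output, waiting for its reverse flow
    output = []
    for rec in records:
        key = (rec["timestamp"], rec["app"], rec["protocol"], rec["device"], rec["remote"])
        reverse = (rec["timestamp"], rec["app"], rec["protocol"], rec["remote"], rec["device"])
        if reverse in pending:
            # Partner already emitted: add this direction's bytes onto it.
            idx = pending.pop(reverse)
            output[idx]["bytes"] += rec["bytes"]
            continue
        output.append(dict(rec))  # copy so the input records stay untouched
        pending[key] = len(output) - 1
    return output


if __name__ == "__main__":
    for merged in merge_bidirectional(SAMPLE_RECORDS):
        print(merged)
```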