Hello! I have a record like this :
{ server: 1, size: 10, @timestamp: "2021-6-28 09:00"}
{ server: 2, size: 30, @timestamp: "2021-6-28 09:00"}
{ server: 3, size: 40, @timestamp: "2021-6-28 09:00"}
{ server: 1, size: 15, @timestamp: "2021-6-28 10:00"}
{ server: 2, size: 80, @timestamp: "2021-6-28 10:00"}
{ server: 3, size: 90, @timestamp: "2021-6-28 10:00"}
I would like to take the latest sum and add them all together to create a bar chart. Currently when I create a bar chart it will take (10+30+40+15+80+90) but instead I would want the latest value only so I only want (15+80+90). And if server 1 value changes I want that latest value to be added instead of 15. Is there a way to create this bar chart without using a Vega chart?
Do you want the latest value for each server? If that's the case, then you can use the "Last value" function in Lens, or the "Top hits" function in other chart types, and this will produce 1 bar for each server.
If you're asking for something more complicated, then usually you would use Vega. If you don't want to use Vega, then you'll need to extract this information into a new set of documents that is pre-summarized.
You may want to read the documentation on Elasticsearch transforms which explains the problem and gives you a potential solution.
So I would like the latest value and the sum. So I would like to have the sum of the latest values of server 1,2,3 and ignore previous values. I was attempting to create it through Lens but do not happen to see a field for "Latest" . When adding an X axis I only see
Average
Maximum
Minimum
Sum
Unique count
Count.
Then after selecting Sum I can only see label and value format
Lens supported the "Last value" function in version 7.11
You said you want to get the Sum of the Last value, which requires 2 passes to calculate. Your options are the TSVB "Series agg" function, Vega, or transforming the data you are indexing.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.