Data Frame Aggregation Order

willemdh · November 26, 2019, 10:42am

Kibana 7.3.2 Data Frames

No matter in what order I add aggregations, somehow some fields are always added first in the result..

As you can see in the above, event.outcome is in the first column, while added after the ruleset...

Pivot json:

{
  "group_by": {
    "panw.panos.ruleset": {
      "terms": {
        "field": "panw.panos.ruleset"
      }
    },
    "event.outcome": {
      "terms": {
        "field": "event.outcome"
      }
    }
  },
  "aggregations": {
    "panw.panos.flow_id.cardinality": {
      "cardinality": {
        "field": "panw.panos.flow_id"
      }
    }
  }
}

Is this a bug or am I missing something

walterra · November 26, 2019, 3:51pm

Thanks for the feedback!

The columns in the preview table show the group-by columns first, then the aggregated columns. Within each group (group-by/aggregations) the columns are sorted alphabetically.

Note that the column order doesn't affect the result of the transform, the resulting transformed index will always be the same regardless of the order in the form or preview.

Hope that helps!

system · December 24, 2019, 3:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Order of documents when using a transform Kibana	5	299	January 13, 2023
Ordering of subaggregations in Kibana 6.2 (vs 6.0 and earlier) Kibana	2	315	May 21, 2018
Term aggregation ordering within a pivot transform Elasticsearch transforms , aggregations	5	190	February 26, 2024
How to see the data in order of insertion in Data Table Visualization? Kibana	4	591	January 30, 2018
Sorting Kibana filters aggregation Kibana	5	2342	July 6, 2017

Data Frame Aggregation Order

Related topics