Displaying additional columns in data table visualization


Let's say I have a bunch of log messages containing severity, application name along with the actual message.
Now I want to display the count of these messages with an ability to filter using other columns.
For e.g.
Message Application Severity Count

message1 App1 error 20
message2 App2 critical 2
And so on...

Now I know how to create a data table with Message and Count columns. But is it possible to add more columns to it so that data can be filtered easily at run-time? I know I can use "Add a filter" option but this interface will be used by other users and I want to make it simple for them where they have to only click on + or - for a field.


Hi Nikhil,

I don't think what you want is possible. Since each of the rows represents a full bucket of documents (e.g. in your case the first row would represent all documents with message1, App1 and status:error, which are 20 documents in your case). So if you want to add another column in there, you would basically need to also give an aggregation, that should be used which should be used to aggregate the value from all documents within that row-bucket.

You can do so, by using the "Add metrics" button on top of the editor, to add another metrics (i.e. numerical calculation on all documents within that row). But you cannot filter on them, since this is not a "real value" inside a document, but a calculated e.g. average.

If you are interested in the values of a specific field, you could just add another bucket aggregation, so each value within that field, would get it's own row and then you have filter possibilities again.


Thanks for your quick response Tim. Let me try out your suggestions.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.