Hi, I am wondering if Kibana supports my use case. I am creating a dashboard where I want to show app usage metrics data. The individual documents are pretty small (about 5-10 fields). Some of the fields are common to all the documents, but some are context-specific (and new may be added in the future).
To illustrate, this is an example document:
{
"origin": {
"inst": "foobar-demo",
"env": "production"
},
"@timestamp": "2024-03-15T13:10:00+02:00",
"metricPoint": {
"metricSetName": "assignment_resolved",
"userId": "5565d66d4809467a458b4567",
"context": {
"resolution_type": "done"
}
}
}
In my dashboard, I want to have a table where all relevant columns are shown. "Relevant columns" means:
- Common fields
origin.instorigin.envmetricPoint.metricSetName- etc...
- "Context-specific" fields:
context.*
What I want is to show the statically defined columns for "common fields", but then to also show columns for all "context-specific" fields in the matched data. If the data in the selection would contain 10 different context.* fields, I would like there to be 10 extra columns.
The idea is that before looking at the columns in the dashboard, the data would be pre-filtered to a lower cardinality and at that point there would not be too many extra columns polluting the table.
At the moment, what I do is just show the statically defined fields, but when an analyst is interested in more details, they have to expand the document line with the <-> arrow (screenshot). This is clunky as it does not provide an easy overview of the data.
An alternative to this that I really want to avoid is having a concrete saved search per each metricSetName, which would show the appropriate context columns. But there would be dozens of saved searches with more being added on the fly.
To sum up, is there a way I can achieve this?
Without filter:
Filtering for just one metric type (notice the disappearing columns which are not contained in any matching document)
Thank you!