Elasticsearch query for distinct fields in documents of same index

Document 1:

{
  "_id": 1,
  "_index": "desktop_apps",
  "chrome_app_name": "chrome",
  "chrome_app_version": "1.2",
  "user": "user1"
}

Document 2:

{
  "_id": 2,
  "_index": "desktop_apps",
  "firefox_app_name": "firefox",
  "firefox_app_version": "1.3",
  "user": "user1"
}

Each document in the index 'desktop_apps' has distinct fields for the same user.

I want to create a visualization in Kibana for the user like this:

[image]

How can I achieve this particular behavior? I am trying to create a search query
and build a visualization based on the search. How do I build my search query for this case?

You probably need to transform this data before visualizing it. In Elasticsearch 7.3 there is a free (basic license) feature for continuous data frame transforms which lets you do this, or you can use a transform pipeline like Logstash to do this.
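One way to do the reshaping the answer refers to, as an added example that is not part of the original thread. It assumes the goal is one row per user and application with fixed field names (`app_name` and `app_version` are hypothetical names chosen here), so the rows can be written to a new index and aggregated in Kibana.

```python
import re
from collections import defaultdict

# Matches the per-application field names used in the question,
# e.g. "chrome_app_name" -> app "chrome", attribute "name".
APP_FIELD = re.compile(r"^(?P<app>.+)_app_(?P<attr>name|version)$")

# Constructed sample input: the _source of the two documents from the question.
SAMPLE_DOCS = [
    {"chrome_app_name": "chrome", "chrome_app_version": "1.2", "user": "user1"},
    {"firefox_app_name": "firefox", "firefox_app_version": "1.3", "user": "user1"},
]


def normalize(doc):
    """Turn one document with <app>_app_* fields into rows with fixed field names."""
    apps = defaultdict(dict)
    for field, value in doc.items():
        m = APP_FIELD.match(field)
        if m:
            apps[m.group("app")][m.group("attr")] = value
    rows = []
    for prefix, attrs in sorted(apps.items()):
        rows.append({
            "user": doc.get("user"),
            # Fall back to the field prefix if the *_app_name field is missing.
            "app_name": attrs.get("name", prefix),
            "app_version": attrs.get("version"),
        })
    return rows


def normalize_all(docs):
    """Flatten a list of documents into rows that share one schema."""
    return [row for doc in docs for row in normalize(doc)]


if __name__ == "__main__":
    for row in normalize_all(SAMPLE_DOCS):
        print(row)
```
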
