How can i do with lets say Kibana table to get this result (status OK is higher than ERROR, so if a device send 2 status OK and ERROR / or ERROR and OK, we consider the device is OK) :
groupname status count ZAAH OK 3 (because device1 is OK + device3 is OK + device4 is OK) ZAAH ERROR 1 (because device2 is ERROR)
Hi, welcome! Not all of the parts of your question are directly supported by Kibana. Kibana is able to show you a table based on the Terms aggregation, so you could for example show the count for each (groupname, dname, status) tuple in alphabetical order- but without extra processing. Would that work?
If that doesn't work, then I think you have two options:
Change the data format, for example by using the Transform API which is often used in this type of data
Switch to a different visualization type, specifically Vega, which is more powerful- but doesn't do great tables
Hi, thank you for your feedback. I have never used Vega or tansform api. Do you know how can i accomplish the task with Vega ? or easier with Transform api ?
Both options I recommended will require some work to set up correctly- if you require a table, then you can't use Vega. My personal preference is Vega: it's very powerful once you learn it.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.