Filtering after MAX Aggregation

isaacpm · February 16, 2016, 10:53am

Hi,

I'm using ES+Kibana as timeseries and I'm trying to get a filter applied to the table visualization after the MAX aggregation has been applied.
The problem is that all hosts will have a range of cpu metric values, so if you filter by cpu<5 all hosts will have some entries there.
So ideally I would need to get the max usage, then filter by <5. In case I want to get all hosts that had less than 5% max cpu usage.

Getting the MAX is easy enough in Kibana, what I can't seem to get working is a filter applied to that MAX value.
What would be the best way to get this filter for the MAX value?

Thanks,
Isaac

tbragin · February 19, 2016, 2:28pm

Could you post a screenshot from Visualize with your vis configuration expanded?

isaacpm · February 19, 2016, 3:13pm

I'm afraid is going to be a bit difficult to expand the visualization completely and screenshot it, it has 43 filters. It would take me many screenshots.
I think I found what I need:
https://www.elastic.co/guide/en/elasticsearch/reference/master/search-aggregations-pipeline-bucket-selector-aggregation.html

But I can't try yet because I can restart the cluster to apply the allowing scripts change at the moment.
Will post back if it worked (or if I need help with adding the custom json, which seems likely by my previous attempts)