Hi, I'm having trouble using a sibling aggregation in Kibana.
I have records like the following:
{
  "EventId": "123",
  "intPayloadNumber": 234,
  "someField": "someValue"
}
I can have multiple records in Kibana for the same eventId.
What I need to do is find the average of the max intPayload across all events:
Step 1: For each eventId, I need to find the MAX value of the intPayload field (each eventId may have multiple intPayload values).
Step 2: Then, find the AVERAGE of the results of Step 1 (average of MAX across all eventIds).
I need to display it as a single value on a dashboard.
To do so, I selected Metric Visualization -> then in Metrics I selected “Average bucket” aggregation.
After that, in the “Bucket” tab, I selected Terms aggregation and specified my eventId field (basically, I assume it means group by eventId).
Then, in the Metric tab, I selected “Max” Aggregation for “eventId” Field.
However, the result I see doesn’t match the expected result.
Also, in the Bucket -> Aggregation tab, I am confused by the Size field: when I increase it, my result also changes (I expect to see all eventIds being included in my aggregation).
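
Added example (not part of the original post and not Kibana's own code): a small Python model of the two steps described in the post, next to the Elasticsearch request body that expresses them as a `terms` bucket with a `max` sub-aggregation and an `avg_bucket` sibling. The sample records, the helper functions and the names `per_event`, `max_payload` and `avg_of_max` are illustrative, `EventId` is assumed to be mapped as a keyword, and bucket ordering follows Elasticsearch's default for `terms` (document count, descending), which may differ from the ordering chosen in Kibana.

```python
from collections import defaultdict

# Constructed sample records in the shape shown in the post.
RECORDS = [
    {"EventId": "A", "intPayloadNumber": 10},
    {"EventId": "A", "intPayloadNumber": 30},
    {"EventId": "A", "intPayloadNumber": 20},
    {"EventId": "B", "intPayloadNumber": 5},
    {"EventId": "B", "intPayloadNumber": 7},
    {"EventId": "C", "intPayloadNumber": 100},
]

def avg_of_max(records, size=None):
    """Step 1: max per EventId. Step 2: average of those maxima."""
    groups = defaultdict(list)
    for r in records:
        groups[r["EventId"]].append(r["intPayloadNumber"])
    # A terms aggregation keeps only the top `size` buckets; model that
    # with the default ordering (most documents first, ties by key).
    buckets = sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    if size is not None:
        buckets = buckets[:size]
    maxima = [max(values) for _, values in buckets]
    return sum(maxima) / len(maxima) if maxima else None

def request_body(size):
    """Equivalent Elasticsearch search body (assumed field mappings)."""
    return {
        "size": 0,  # no hits needed, only aggregation results
        "aggs": {
            "per_event": {
                "terms": {"field": "EventId", "size": size},
                "aggs": {"max_payload": {"max": {"field": "intPayloadNumber"}}},
            },
            "avg_of_max": {"avg_bucket": {"buckets_path": "per_event>max_payload"}},
        },
    }

if __name__ == "__main__":
    print(avg_of_max(RECORDS))          # every EventId contributes
    print(avg_of_max(RECORDS, size=2))  # only the top 2 buckets contribute
    print(request_body(3))
```

In this model the average only covers every EventId when `size` is at least the number of distinct EventId values; a smaller `size` drops buckets before the average is taken, so the result moves as `size` changes.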