Is it possible to tell kibana to create metrics on data such that if field X has X and field Y has Y Z, provide the count where field X has field Y and count of field X has field Z?
Hi there,
I'm sorry but I'm having a hard time following the logic you're describing... could you provide a more concrete example? E.g. with a couple sample documents and the resulting visualization you'd like to see?
Thanks,
CJ
Hi cjcenizal,
Thanks for your response. This what my scenario is: I have a list of 500 names. There are numerous first names. There are numerous last names. What I want to do is for each first name give me the count of each first name and last name. For example, for every "John" give me the number of time his last name is "Doe", "smith" and so on. Also, I do not have static first names or last names. The end goal is to have something like this
- John Smith = 50
- John Doe = 50
- Jane Smith = 50
- Jane Doe = 50
- Mars Mine = 50
- Mar Smith = 50
and so on. Please let me know if you have any questions.
OK, I have spent waaaaayyy too much time working on this problem (not your fault; I just went down a few rabbit holes), but I think I have a solution for you! 
So, first of all it sounds like what you're looking for is a way to get the count of documents based on a "Full name" field, except this field unfortunately doesn't exist yet.
Ideally, you would index this data with this field using something like Logstash. But, barring that, you can use Scripted Fields to fake the presence of this field. This is less performant, but is great for prototyping and quick experimentation.
To do this, go to Management > Index Patterns > Scripted Fields and click "Add Scripted Field". Create a scripted field to concatenate the first name and last name fields on your document. Make sure to refer to the "keyword" property on each field, and set the type to "String". It should look something like this:
Create the scripted field and take a look in Discover to make sure that it shows up on your documents and it doesn't cause any errors when a query is run. If everything looks good, you can now create Visualizations using a Terms aggregation on the "Full name" field, which will give you the counts of each unique Full name.
Please let me know if this helps.
Thanks,
CJ
BTW we should be posting a blog post on Scripted Fields soon.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.