Group by function in Discover

I use Kibana/Discover a lot at work.
As you know, in the Discover query result each log record may include many fields, e.g. userid, flowid, userip, username, userAction, etc.
Several log records may be correlated by some fields, e.g. userid / flowid.
If I search by flowid, I get the logs relating to one flowid; this makes it easy to investigate the log payload.
If I search by userid, I get the logs relating to one user, but possibly several flows; in that case I see lots of plain text on the page, and it is not easy to investigate the log payload.

Is there a function where I can define one or several fields as a group-by key (e.g. flowid), so that when this key applies, in the Discover query result page (query by userid) the logs are grouped by the key (flowid) and organized, and I can investigate the flows one by one for this user?

We do have this enhancement on the backlog: [Discover] Group by field(s) · Issue #103008 · elastic/kibana · GitHub

You can use a Lens table to build this sort of exploration in the short term, before we deliver the above functionality.


Thanks.
Actually, we have built our own frontend UI to display the ES logs queried by API, which has greatly improved our work efficiency. So this feature is not an emergency for us now. Glad to hear it is under consideration.
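The thread ends with a home-grown frontend over the Elasticsearch API, so here is an added example of the grouping it would need; it is not code from the poster's UI, from Kibana, or from the linked issue. It assumes the field names used in the question (userid, flowid, userAction) plus an `@timestamp` field, and it embeds a constructed list of hit `_source` documents so it runs offline. `group_hits` buckets records by flowid client-side (records with no flowid land in a labelled bucket rather than being dropped, which matters when you are reconstructing what one user did), and `build_group_query` shows the server-side equivalent: a terms aggregation with top_hits, which assumes userid and flowid are mapped as keyword fields.

```python
from collections import defaultdict

# Constructed sample records in the shape of Elasticsearch hit "_source" documents.
# Field names follow the thread; the values and timestamps are made up for this example.
SAMPLE_HITS = [
    {"@timestamp": "2024-01-01T10:00:02Z", "userid": "u1", "flowid": "f-200", "userAction": "login"},
    {"@timestamp": "2024-01-01T10:00:00Z", "userid": "u1", "flowid": "f-100", "userAction": "login"},
    {"@timestamp": "2024-01-01T10:00:05Z", "userid": "u1", "flowid": "f-100", "userAction": "view"},
    {"@timestamp": "2024-01-01T10:00:03Z", "userid": "u1", "flowid": "f-200", "userAction": "logout"},
    {"@timestamp": "2024-01-01T10:00:01Z", "userid": "u1", "userAction": "heartbeat"},  # no flowid
]

MISSING_KEY = "(no flowid)"


def group_hits(hits, key="flowid", ts_field="@timestamp", missing=MISSING_KEY):
    """Group already-fetched records (e.g. the result of a userid query) by `key`.

    Returns a dict ordered by the first event time of each group, with each group's
    events sorted chronologically, so every flow can be read top to bottom.
    Records lacking the key are kept under the `missing` label instead of silently vanishing.
    """
    groups = defaultdict(list)
    for hit in hits:
        groups[hit.get(key, missing)].append(hit)
    # ISO-8601 timestamps in the same format sort correctly as strings
    for events in groups.values():
        events.sort(key=lambda h: h[ts_field])
    return dict(sorted(groups.items(), key=lambda kv: kv[1][0][ts_field]))


def build_group_query(userid, key="flowid", per_flow=50, max_flows=100):
    """Server-side equivalent: filter to one user, then let Elasticsearch bucket the
    records per flow with a terms aggregation and return each bucket's events via top_hits.
    Assumes `userid` and `key` are keyword-mapped fields (an assumption of this example)."""
    return {
        "size": 0,
        "query": {"term": {"userid": userid}},
        "aggs": {
            "flows": {
                "terms": {"field": key, "size": max_flows, "missing": MISSING_KEY},
                "aggs": {
                    "events": {"top_hits": {"size": per_flow, "sort": [{"@timestamp": "asc"}]}}
                },
            }
        },
    }


def render(groups, ts_field="@timestamp"):
    """Plain-text view: one header per flow, then its events in order."""
    lines = []
    for key, events in groups.items():
        lines.append(f"== {key} ({len(events)} events)")
        for e in events:
            lines.append(f"  {e[ts_field]}  {e.get('userAction', '')}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(group_hits(SAMPLE_HITS)))
```

For a real index the aggregation body from `build_group_query` is what the frontend would POST to `/<index>/_search`; the client-side `group_hits` is the fallback when you already hold a page of hits from a plain userid query and want to present them flow by flow.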
