Grouping documents in kibana based on a column without losing the rest columns

kakavoul · November 7, 2019, 2:43pm

Hello,

Let's assume that i have something like that in elastic search

alarm_id sequence date          alarm_text
1        1        2019-11-7     text of alarm1
2        1        2019-11-7     text of alarm2
2        2        2019-11-8     text of alarm2
2        3        2019-11-9     text of alarm2
3        1        2019-11-8     text of alarm3
3        2        2019-11-10    text of alarm3

and i want to group this information like that in kibana:

alarm_id      count         date          alarm_text
1             1             2019-11-7     text of alarm1
2             3             2019-11-9     text of alarm2
3             2             2019-11-10    text of alarm3

which means that i want to have a grouping by alarm id, a column "count" which keeps the maximum number of "sequence" column for that alarm_id (or alternatively the number of occurrences of that alarm_id), the newest date and its alarm text

i managed to have only the first two columns using a data table visualization but i couldn't have the rest columns too. Is there any way (visualization or search) to do it in kibana or is not feasible?

Thanks in advance

flash1293 · November 7, 2019, 2:58pm

Hi, you should be able to do this with the "Top Hit" metric aggregation. It can be used to use the value of one document out of the bucket - in your case every value of the field will be the same in the bucket, so you can just do a "Top Hit" on the desired field, use the "concatenate" aggregate option and the order doesn't even matter because there will be a single value anyway.

kakavoul · November 8, 2019, 9:27am

It worked, thank you very much.

But i have one extra question. Is it possible for one or more columns to not take into consideration some rows? for example for "count" column can i exclude every row that date = 2019-11-8 (without these rows being excluded for example from alarm_text column)?

flash1293 · November 8, 2019, 10:41am

When you are applying filters they are applied before the aggregation is run, so you can not apply them partially.

system · December 6, 2019, 10:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana(Group By Date, Get column with not '-' values Kibana elastic-stack-monitoring	1	18	July 29, 2024
Group by in Kibana Lens Kibana elastic-stack-monitoring , elastic-stack-alerting , lens	1	207	April 29, 2024
Creating data table using group by like clause in Kibana? Kibana	2	6211	July 6, 2017
Group by data in data table kibana [Solved] Kibana	5	14230	August 8, 2017
How to Count 3 columns together while doing group by in Elastic Transform in Kibana Elasticsearch	3	655	February 24, 2020

Grouping documents in kibana based on a column without losing the rest columns

Related topics