Hi Tim,
thanks a lot for your detailed answer. Our documents in fact look like your first example:
{
"@date": <some timestamp>,
"meetingId": "meeting-12345",
"participantId": "participant-98765",
# maybe some other fields
}
The main problem seems how to derive a set of auxiliary documents looking like your second example:
{
"@date": <some timestamp>,
"meetingId": "meeting-12345",
"numParticipants": 20,
# maybe some other fields
}
This set corresponds to what I was referring to as "auxiliary mapping" (mapping in the sense of function). If we had these auxiliary documents explicitly, then we would be done, since then we could "bucket" on numParticipants and count the documents (as you did in your final histogram).
So, the questions are:
-
You gave a search query that can be typed in in the Kibana console, and in fact returns "buckets" that count the number of participants for each meeting. Can this query be used for a Kibana visualization (as some background code)?
-
You talked about "pipeline aggregation" in ElasticSearch. Is this something that could be done in a Kibana visualization also (after all we want to draw bars, and not do console queries)?
-
You said "If you don't have numParticipants as a field in your data, you always have the option of pre-processing that calculation at index time". Yes, we do not have that field. But I have no idea how this could be calculated "at index time" (do you mean in Logstash?). Would we need the ElasticSearch filter plug-in (since we do not have that available)?
Thanks for your support.