Thanks Wylie.
I am going with the TSVB option by following the initial steps mentioned in Filter ratio in TSVB.
I am trying to perform a sum operation on one of the fields but I do not see that field as an option. I used Python to create the mapping and later dumped the data using the API.

    "mappings": {
      "properties": {
        "timestamp": {
          "type": "date"
        },
        "status": {
          "type": "text",
          "fields": {
            "raw": {
              "type": "keyword"
            }
          }
        },
        "service": {
          "type": "text",
          "fields": {
            "raw": {
              "type": "keyword"
            }
          }
        }
      }
    }

I can only see epoch_time in the dropdown. Is it because that's the only integer field? How would I make a sum aggregation on a string field like 'service'? Is my mapping correct?