One of my table is getting populated by a time interval with some data from different channel with same time stamp. I wish to aggregate it w.r.t time. Sample query as below.
select starttime, sum(available) as available, sum(damage) as damage, sum(unavailable) as unavailable from product_inv_detail where starttime = (select max(starttime) from product_inv_detail) group by starttime;
This view is working properly for me in my Database. Same structure index is available in Elastic also. I am looking for a KQL to capture this data in Kibana.
You won't be able to do it in discover - it'll only produce a timestamp sorted list. In Visualize you'll want to use the data table.
Are all of these fields in the same document? If so - your metrics would be the select sum(damage) and sum(unavailable) portion, and the buckets would be a terms aggregation on starttime.
Oky. Thank you.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.