How to combine two outputs

Elastic Stack Kibana
1

Hi together,

as a total ES Noob I have one essential question.
How do I combine two values from an aggregation?

I am collecting sFlow Data with "ElastiFlow" and have some traffic sums of
the available fields (from sFlow) flow.dst_addr and flow.src_addr.

Generally my target is to see the overall traffic for lets say one IP address.
What I have now: 1 value for ingress, one for egress.

Target:

  1. Extract sum of flow.bytes for a range of IPs (total in AND out)
  2. Put them into a table as visualization

I have absolutely now clue how to do that in combination. :frowning:

Could you point to the right direction?
Thanks in advance :slight_smile:

2

If I'm understanding your requirements correctly, you should be able to do this with an IP range bucket aggregation and a Sum metric aggregation. Here's an example:

26%20PM
Screen Shot 2019-06-21 at 5.24.26 PM.png1143×1057 62.7 KB

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.