How to combine two outputs

frostkilen · June 21, 2019, 3:14pm

Hi together,

as a total ES Noob I have one essential question.
How do I combine two values from an aggregation?

I am collecting sFlow Data with "ElastiFlow" and have some traffic sums of
the available fields (from sFlow) flow.dst_addr and flow.src_addr.

Generally my target is to see the overall traffic for lets say one IP address.
What I have now: 1 value for ingress, one for egress.

Target:

Extract sum of flow.bytes for a range of IPs (total in AND out)
Put them into a table as visualization

I have absolutely now clue how to do that in combination.

Could you point to the right direction?
Thanks in advance

Bargs · June 21, 2019, 10:25pm

If I'm understanding your requirements correctly, you should be able to do this with an IP range bucket aggregation and a Sum metric aggregation. Here's an example:

system · July 19, 2019, 10:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combine two different aggregation results into one Kibana	3	951	July 14, 2022
Aggregating the sum of sub-aggregation Elasticsearch	1	370	September 15, 2020
Netflow - SUM netflow.bytes between 2 ip's Kibana	7	1101	August 22, 2019
Correlate two indexes Kibana	3	2062	November 22, 2018
[Agent-Netflow] Anomaly Detect for spikes on coms between 2 IP SIEM	6	481	July 11, 2023

How to combine two outputs

Related topics