How to create a table with index content as column title and count as content?

elasticheart · March 1, 2017, 9:02am

Hi,

I use ELk GA 5.0.0. I have log entries like below

<timestamp><user><action>

Which is parsed by logstash and saved to elasticsearch. Actions can be like login, search, logout etc. I wanted to view total count of actions of each user. I was able to create a table visualization in Kibana like below;

-----------------------------
User   |  Action    |  Count
-------+------------+--------
UserA  |  Login     |  20
-------+------------+--------
UserA  |  Search    |  10
-------+------------+--------
UserB  |  Login     |  10
-------+------------+--------
UserB  |  Search    |  5
-------+------------+--------
UserC  |  Login     |  5
-------+------------+--------
UserC  |  Search    |  2
-----------------------------

But, I would like to create a table like below;

--------------------------
User   |  Login  |  Search
-------+---------+--------
UserA  |  20     |  10
-------+---------+--------
UserB  |  10     |  5
-------+---------+--------
UserC  |  5      |  2
--------------------------

Is this possible in Kibana?

Thanks in advance..

spalger · March 1, 2017, 7:27pm

You could do this a couple ways, one of which would be a scripted field.

Create two scripted fields: Login and Search with scripts that look something like this:

doc['Action'].value == 'Login' ? 1 : 0

Then use two metric aggregations for Sum of Login and Sum of Search.

elasticheart · March 1, 2017, 7:58pm

Hi, Thanks for your reply.

But @spalger , I have a saved search, which only returns Login and Search values, and I have linked my table to that search, so that only Login and Search will be displayed. My question is, whether the so called "scripted field" is implemented for this purpose? If I have a saved search like this, how can I use two metric aggregations?

spalger · March 1, 2017, 9:18pm

The metric aggregations are defined at the top of the aggregation sidebar in Visualize. Your current table uses a single "Count" aggregation, but change that to "Sum" and then choose either of your scripted fields in the new field drop down that shows up

elasticheart · March 2, 2017, 8:31am

Thanks.. It helped..

system · March 30, 2017, 8:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to create tables in Kibana with operation on columns like we do in Excel? Kibana	7	6503	January 4, 2018
How to create this table report in kibana according to this use case Kibana lens	1	126	May 2, 2024
How can I add a count of entries which has an attribute greater than certain values in Kibana? Kibana	2	2999	March 7, 2018
Is it possible to divide value in one column with value in another column, in Kibana table visualization? Kibana	7	6755	May 9, 2017
How to create table by month grouped by year Kibana	2	447	November 4, 2022

How to create a table with index content as column title and count as content?

Related topics