How can I filter a table view on Kibana based on the aggregation results?
I've seen a lot of recommendations to use document count, but it doesn't work for my use case.
I have network logs where a single document indicates how much data was transferred during a TCP connection. So the field bytesReceived has the number of bytes received by a host during a connection.
In Kibana I want to create a table view with the "host" bucket and the aggregation as "sum of -> bytes received". But I only want to see the hosts where the sum of all bytes received in the last 24 hours is: greater than, lower than or equal to a number. (With separate filters for each case.)
A single document can indicate that a host's "bytesReceived" in 24h was greater than X number.
Or the sum of all "bytesReceived" for a host in multiple documents was greater than X number.
How can I filter it on Kibana table view?
To clarify, for example:
The sum of "bytesReceived" in 100 documents could be equal to 3000.
While the sum of "bytesReceived" for 2 other documents could be 4000000.
And I want to show only lines where the sum of "bytesReceived" is greater than 1000000, for example.
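
The filter described above, written as an Elasticsearch search body that uses a `bucket_selector` pipeline aggregation on the per-host sum, with a local reference implementation run on constructed documents. This is an added example, not part of the original post: it targets the Elasticsearch search API rather than a Kibana table setting, and the `@timestamp` field, a keyword-mapped `host` field, and the names `build_query` and `filter_locally` are assumptions.

```python
import json
from collections import defaultdict

# Painless comparison operator for each of the three cases in the question.
OPS = {"gt": ">", "lt": "<", "eq": "=="}

def build_query(op, threshold, time_field="@timestamp"):
    """Search body: per-host sum over the last 24h, keeping buckets that match op."""
    return {
        "size": 0,  # only the aggregation buckets are needed, not the hits
        "query": {"range": {time_field: {"gte": "now-24h"}}},  # time_field is assumed
        "aggs": {
            "per_host": {
                # Assumes "host" is a keyword field; hosts beyond "size" are not evaluated.
                "terms": {"field": "host", "size": 1000},
                "aggs": {
                    "total_bytes": {"sum": {"field": "bytesReceived"}},
                    "keep": {
                        "bucket_selector": {
                            "buckets_path": {"total": "total_bytes"},
                            "script": {
                                "source": f"params.total {OPS[op]} params.threshold",
                                "params": {"threshold": threshold},
                            },
                        }
                    },
                },
            }
        },
    }

def filter_locally(docs, op, threshold):
    """Reference implementation of the same logic on in-memory documents."""
    totals = defaultdict(int)
    for d in docs:
        totals[d["host"]] += d["bytesReceived"]
    test = {"gt": lambda t: t > threshold, "lt": lambda t: t < threshold,
            "eq": lambda t: t == threshold}[op]
    return {h: t for h, t in totals.items() if test(t)}

# Constructed sample: 100 small documents for one host, 2 large ones for another.
SAMPLE = [{"host": "host-a", "bytesReceived": 30}] * 100 + \
         [{"host": "host-b", "bytesReceived": 2000000}] * 2

if __name__ == "__main__":
    print(json.dumps(build_query("gt", 1000000), indent=2))
    print(filter_locally(SAMPLE, "gt", 1000000))
```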