How to multiply two columns in a table?

Hello everyone,
I have a table that contains three columns, "clientip", "bytes_sent" and "count", so my goal is to measure "bytes_sent" * "count".

For example:
For this clientip the result is 166*2 = 332.

Thanks.

It looks to me as if what you are trying to do is figure out how many total bytes have been sent by an IP address, correct?

For example:

To do that, you need your metric to be "Sum" of bytes_sent, and then you need a bucket that does Terms aggregation on "clientip.keyword":

Yes, but in the Field section I don't have "bytes_sent"!!!

Where is "bytes_sent: Ascending" coming from in your table?

This is my problem: when I select the metric Sum I don't find "bytes_sent"!!!

I don't have enough information to go on, then. You need to have a field that you can aggregate. In your screenshot, it looks like you have a field called "bytes_sent", but if not, you need to aggregate on whatever field you have that represents that data.

Yes, I understood. It's OK: when I select "terms" in aggregation I find the "bytes_sent" field, but when I select "sum" or "max" ... except "count" in aggregation I can't find the "sent_bytes" field, so this is the problem.
Please help if you have any information.

What is the type of your bytes_sent field? It looks numeric, and numeric fields should be available to the Sum operation.

It's a string.

So how can I change it to numeric?

Ah. Yeah. You can't sum a string. That field needs to be a number. You might be able to get away with a scripted field to convert the string to a number at query-time:

https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-script-fields.html

But if possible, you should make the field numeric in the actual index, since it is a numeric field.

Yes, but in the grok pattern I set bytes_sent as "number"; I really don't understand what I should do.
Please help me.

You should reindex the data with changed mappings for the field "bytes_sent" and then proceed.
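
The reindex suggested in the reply above, written out as Kibana Dev Tools Console requests. This is an added example, not posted by anyone in the thread. It assumes Elasticsearch 7 or later (typeless mappings); the index names `weblogs` and `weblogs-v2` are hypothetical, while `bytes_sent` and `clientip.keyword` are the fields named in the thread.

```console
# 1. Create the new index with bytes_sent mapped as a number.
#    "weblogs-v2" is a hypothetical name for the new index.
#    String values such as "166" are coerced to long at index time;
#    ignore_malformed keeps documents whose value is not a number
#    (for example "-") instead of rejecting them.
PUT weblogs-v2
{
  "mappings": {
    "properties": {
      "bytes_sent": { "type": "long", "ignore_malformed": true }
    }
  }
}

# 2. Copy the documents from the existing index ("weblogs", hypothetical name).
#    Fields not listed above, such as clientip, are mapped dynamically.
POST _reindex
{
  "source": { "index": "weblogs" },
  "dest":   { "index": "weblogs-v2" }
}

# 3. Total bytes per client: Terms bucket on clientip.keyword,
#    Sum metric on bytes_sent (the same aggregation the table would use).
GET weblogs-v2/_search
{
  "size": 0,
  "aggs": {
    "per_client": {
      "terms": { "field": "clientip.keyword" },
      "aggs": {
        "total_bytes": { "sum": { "field": "bytes_sent" } }
      }
    }
  }
}
```

In Kibana, the index pattern has to match the new index and its field list has to be refreshed before the Sum metric offers `bytes_sent`.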
