Interactive table in Kibana with aggregation

Hello,
I'm using Kibana 8.6.1.

For a dashboard I want to create an interactive table in Kibana that contains a timestamp and an ID. Most of the log lines start with the timestamp and the ID, but the same ID appears over multiple lines.

My log lines look like:

2023-01-10 13:04:42 23HkTd-0007I3-QZ <= jira2@evil.corp H=server1.evil.corp [1.1.1.1] P=esmtps X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no S=10000 id=CONFLUENCE 
2023-01-10 13:04:42 23pHkTd-0007I3-QZ => /var/spool/vmail/evil.corp/max.headroom/Maildir (max.headroom@evil.corp) <max.headroom@evil.corp> R=virtual_domains T=dovecot_virtual_delivery
2023-01-10 13:04:42 23HkTd-0007I3-QZ <= jira@evil.corp H=server1.evil.corp [1.1.1.1] P=esmtps X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no S=10000 id=CONFLUENCE 
2023-01-10 13:04:43 23pHkTd-0007I3-KH => /var/spool/vmail/evil.corp/max.headroom/Maildir (max.headroom@evil.corp) <max.headroom@evil.corp> R=virtual_domains T=dovecot_virtual_delivery

On my dashboard my current table looks like this, and I also have a drilldown to a new dashboard:

@timestamp          | MSGID
2023-01-10 13:04:42 | 23HkTd-0007I3-QZ
2023-01-10 13:04:42 | 23HkTd-0007I3-QZ
2023-01-10 13:04:42 | 23HkTd-0007I3-QZ
2023-01-10 13:04:43 | 23HkTd-0007I3-KH

Now I would like to aggregate all IDs with the same value, because they are related to the same email traffic and it is just spread over multiple lines.

I was playing around with ChatGPT, so my idea was to put the question there and look at the result. I asked it to give me an example:

Let's say you have a data set of e-commerce transactions that includes a field called "product_category". You want to create a table that shows the total number of transactions for each product category.

1. Open Kibana and navigate to the dashboard where you want to create the table.
2. Click on "Create visualization" and select "Table" from the list of available visualizations.
3. Give your visualization a name, select the index pattern or saved search to use as a data source, and click "Create".
4. Once you're on the "Data" tab of the visualization editor, click on "Add" under the "Buckets" section to add a new bucket.
5. Select "Terms" from the dropdown list of bucket types.

Choose the "product_category" field from the list of available fields.
Leave the default settings for order by and size.
Click on "Apply" to add the terms aggregation to your table.
Now your table will show a list of each product category, along with the total number of transactions for that category. You can drill down into each category to see more details, or filter the table to show only specific categories.

My question to you is that it looks outdated, because I can't see the bucket from step 4.
Where can I find it and/or how can I solve my issue?

thx
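As an added illustration (not part of the original post or of Kibana itself), the following script does locally what the Terms bucket on MSGID does in Kibana: it splits Exim-style log lines into @timestamp, message ID and the rest, then collapses the lines into one row per ID with a count and first/last timestamp. It also builds the Elasticsearch `terms` aggregation body that such a table issues. The sample lines, hostnames and addresses are constructed; the message-ID pattern (three base-62 groups, 6-6-2 characters) is assumed from the shape of the IDs in the post.

```python
import json
import re

# Constructed sample lines in the shape shown in the post (hosts, addresses
# and IDs are made up; related lines deliberately share one ID).
SAMPLE_LOG = """\
2023-01-10 13:04:42 23HkTd-0007I3-QZ <= jira@example.test H=server1.example.test [192.0.2.10] P=esmtps S=10000
2023-01-10 13:04:42 23HkTd-0007I3-QZ => /var/spool/vmail/example.test/max/Maildir (max@example.test) <max@example.test> R=virtual_domains T=dovecot_virtual_delivery
2023-01-10 13:04:42 23HkTd-0007I3-QZ Completed
2023-01-10 13:04:43 23HkTd-0007I3-KH <= bob@example.test H=server1.example.test [192.0.2.10] P=esmtps S=2048
2023-01-10 13:04:43 23HkTd-0007I3-KH => /var/spool/vmail/example.test/max/Maildir (max@example.test) <max@example.test> R=virtual_domains T=dovecot_virtual_delivery
2023-01-10 13:04:44 daemon started: pid=1234 (constructed line without a message ID)
"""

# Timestamp, then an Exim-style message ID (assumed 6-6-2 base-62 groups), then the rest.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(?P<rest>.*)$"
)


def parse_lines(text):
    """Return one {'@timestamp', 'MSGID', 'message'} dict per line that carries an ID."""
    docs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without a message ID cannot be grouped and are skipped
        docs.append({"@timestamp": m["ts"], "MSGID": m["msgid"], "message": m["rest"]})
    return docs


def terms_by_msgid(docs):
    """Local equivalent of a Terms bucket on MSGID: one row per ID with the line
    count and the first/last timestamp, ordered by count descending, then by key."""
    buckets = {}
    for d in docs:
        b = buckets.setdefault(
            d["MSGID"], {"doc_count": 0, "first": d["@timestamp"], "last": d["@timestamp"]}
        )
        b["doc_count"] += 1
        b["first"] = min(b["first"], d["@timestamp"])
        b["last"] = max(b["last"], d["@timestamp"])
    rows = [{"MSGID": k, **v} for k, v in buckets.items()]
    rows.sort(key=lambda r: (-r["doc_count"], r["MSGID"]))
    return rows


def terms_agg_request(field="MSGID", size=10):
    """Elasticsearch request body equivalent to a Terms bucket on `field`, with
    min/max sub-aggregations on @timestamp; size=0 returns only the aggregation."""
    return {
        "size": 0,
        "aggs": {
            "by_msgid": {
                "terms": {"field": field, "size": size, "order": {"_count": "desc"}},
                "aggs": {
                    "first_seen": {"min": {"field": "@timestamp"}},
                    "last_seen": {"max": {"field": "@timestamp"}},
                },
            }
        },
    }


if __name__ == "__main__":
    for r in terms_by_msgid(parse_lines(SAMPLE_LOG)):
        print(f"{r['first']}  {r['MSGID']}  {r['doc_count']} lines")
    print(json.dumps(terms_agg_request(), indent=2))
```

For the aggregation to work in Elasticsearch, MSGID has to be mapped as a `keyword` field (a `text` field cannot be used as a Terms bucket without enabling fielddata), which is also why the Terms field list in the Kibana editor only offers aggregatable fields.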

I found it. Before I can start, I have to change "Select type" to "Aggregation based".
