Kibana advanced search split by

Hi all,

I'm quite new to Elastic & Kibana. I've used Splunk in the past and I was wondering if someone could point me in the right direction to do something as below.
Let's say we have an indexed field called users. There are 1000+ users.
There is another field called response, which can be anywhere from 0 to 999.

Would it be possible to create a graph/table which only shows the users that have a percentage for a specific response over value X?
i.e.
We have user no. 1234.
In the last day, the response percentages for that user are as below:
1 - 90%
2 - 5%
9 - 4%
10 - 1%

Would it be possible to create a table/visualisation that will show that user if it exceeds the threshold of response 1 to be over 80%? If that's the case, would it be possible to create such a table, that would be split by users and show that type of data for all the available users?

If such a thing is not possible using a visualisation, would it be possible to do it using a watcher?

Thanks.

Welcome to our community! :smiley:

You can do this in Kibana for sure. Start with the base visualisation of users and response, and then add a filter for response > 80.

Hi @warkolm, thank you!

I would need to filter by the percentage of a response.
i.e. I would need to be able to view the data if the percentage of response "1" is over 80%.
Would such a thing be possible?
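
One way to express the per-user percentage threshold asked about in this thread, as an added example that was not posted by any participant: an Elasticsearch `_search` request body that buckets by user, counts the documents with response 1, computes that count as a percentage of the user's total, and keeps only users above 80%. It assumes `users` is a keyword field and `response` a numeric field (both named in the question); the `@timestamp` field, the terms `size` of 2000 and the aggregation names are assumptions.

```json
{
  "size": 0,
  "query": {
    "range": { "@timestamp": { "gte": "now-1d" } }
  },
  "aggs": {
    "by_user": {
      "meta": {
        "note": "added example; @timestamp, size and aggregation names are assumptions"
      },
      "terms": { "field": "users", "size": 2000 },
      "aggs": {
        "response_1": {
          "filter": { "term": { "response": 1 } }
        },
        "pct_response_1": {
          "bucket_script": {
            "buckets_path": {
              "hits": "response_1>_count",
              "total": "_count"
            },
            "script": "100.0 * params.hits / params.total"
          }
        },
        "over_threshold": {
          "bucket_selector": {
            "buckets_path": { "pct": "pct_response_1" },
            "script": "params.pct > 80"
          }
        }
      }
    }
  }
}
```

Only user buckets whose response-1 share exceeds the threshold come back in `by_user.buckets`; the same request body can be used as the search input of a watch.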
