Kibana Aggregation between types

Robert_Naccache · November 22, 2017, 3:22pm

Hi everyone,

I made another post earlier during the day, but didn't get any response. I've tried a lot of things during the day but i think understanding the issue is more important.

My question is, if i have two types under the same index that have the following fields
index/logs
field: jobid
field: buisnessevent

index/errors
field: jobid
field: errorid

is it possible to aggregate in kibana by buisnessevent?
i'm trying to get a list of every business event, and display how many jobs (with and without errors) per event.

From what i understand because index/errors doesn't have the buisnessevent field, i can't aggregate based on it.

thank you for the clarification,
Robert

Robert_Naccache · November 23, 2017, 8:09am

Morning,

After struggling with this, in the end i chose to flatten my data from the database which solved my issue.

Thanks,
Robert

anujjain0801 · November 23, 2017, 9:04am

Hi Robert,
I also have some use case like your where I need to aggregate data based on some field and then when user clicks on the particular field it should show details of the results.

Can you please help me how you are trying to achieve this?

Robert_Naccache · November 23, 2017, 12:01pm

Hi Anujjain,

I dont know the details of your case, but i was importing data from MSSQL using JDBC drivers between three tables using logstash.

What i ended up doing was using 'Left Join' in my SQL query, instead of having two different tables, i flattened it out into one and imported. so from

index/logs
field: jobid
field: buisnessevent

index/errors
field: jobid
field: errorid

i endded up with one _type:
index/logs
field: jobid
field: businessevent
field: errorid

and it doesn't matter if i have two error id for one jobid, i'll just have two entries and i can aggregate in kibana using "unique count" or "cardinality"

hope it helps.

Robert

anujjain0801 · November 23, 2017, 12:07pm

Hi Robert,

Thank you so much for the response. I will try the way you are using it. My use case is I need to aggregate data based on correlation id or some token. Can you please let me know if we can create hyperlinks in Kibana and use it to view details of the fields.

Thanks and Regards,
Anuj Jain

Robert_Naccache · November 23, 2017, 12:15pm

HI Anuj Jain,

I'm not exactly sure what you mean by hyperlinks.

If you need to view the details of a document, you can check the discover tab in kibana and on the left part of the window under 'available fields', just add the fields you want. After that you can save it as a search and add it to a dashboard (i think that's what you want).

I'm kind of new to kibana, so there might be other ways around doing what you want

system · December 21, 2017, 12:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Correlate Events using Kibana Kibana	2	4727	February 23, 2018
Multiple Logs in Kibana Kibana	4	1299	December 7, 2017
2 events in 1 visualize data table Kibana	4	2657	August 14, 2017
How is possible to combine indexes in a visualization? Kibana	6	6894	July 6, 2017
Combining results from two indices Kibana	2	521	January 25, 2017

Kibana Aggregation between types

Related topics