Kibana: Can't visualize collapsed result

Hi, I'm new to Kibana/Elastic.
So I saved a collapsed search. I get 2 search results but the total hits is still 7.
Now, I just want to visualize the collapsed result. But I can't find any solution.
Just to be sure, I wonder: is there any way I can get a visualization of the collapsed result? Or do Kibana/Elastic not support such an operation?

I'm using this to analyze a game's player level log. When a player's level upgrades, I send a log. So I will get several logs for this one player. But in my visualization, I just want one log for each player.
And since Kibana can't visualize the collapsed search result, is there another way to do this?
Please help me, thanks.

The question is, which of the documents do you want, or do you want an aggregated result?

Because the default way would be using the terms aggregation on the actual "userid" field, which would collapse every user into its own bucket, and then using the appropriate metrics aggregation you want, like Average or Count, etc.

I would need to understand a bit better what you are actually trying to visualize to provide a more detailed answer.

Cheers,
Tim

Thanks.
I'm trying to get a vertical bar chart: the X-Axis is level and the Y-Axis is the count of players of that level.
If one player upgrades from 5 to 10, then I'll get 5 logs. Naturally I want the visualization to be only one bar of level 10. But without collapse, the result will be 5 level bars, all with a count of 1.
Since level is the X-Axis and the count of 'userid' is the Y-Axis, I can't use a bucket on X-level.
Basically, I want just one log from each player so that the count of players on every level would be accurate.

Hi,

I don't think that's currently possible in Kibana. I can't come up with a proper way to achieve that. I think the easiest workaround to get it running is to also have an index that only holds the "current state" of all players, i.e. update the player document whenever they rise by a level. That way you could easily use that index to visualize the above chart, by doing a terms aggregation on the level field in this index.

Cheers,
Tim

Okay...Thanks for your time.
Cheers~

Hi,

I created an index so the state can update, and the problem is fixed.
But now I face another issue:
I use Filebeat as input. When it sends a bunch of logs at the same time, sometimes they are not ordered by the timestamp. Therefore I can't get the latest log and the data is incorrect.
For example: I got a level 45 and a level 46 log at the same time (level 46 is one millisecond later). I wish to keep the 46 log but instead, I got the 45.

The result can be random and unexpected.

Can I control the Filebeat stream or order it by the timestamp?

Thanks
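The "current state" workaround and the out-of-order arrival described in the posts above, as an added example that is not part of the original thread and is not Elasticsearch or Filebeat code. It models the per-player index as an in-memory dict; the `@timestamp` field name, the function names and the sample events are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample events, listed in ARRIVAL order (not data from the thread).
# "userid" and "level" are the thread's field names; "@timestamp" is assumed.
EVENTS = [
    {"userid": "u1", "level": 46, "@timestamp": "2018-03-01T10:00:00.002Z"},
    {"userid": "u1", "level": 45, "@timestamp": "2018-03-01T10:00:00.001Z"},  # arrives late
    {"userid": "u2", "level": 6, "@timestamp": "2018-03-01T10:01:00.000Z"},
    {"userid": "u2", "level": 7, "@timestamp": "2018-03-01T10:02:00.000Z"},
    {"userid": "u2", "level": 8, "@timestamp": "2018-03-01T10:03:00.000Z"},
    {"userid": "u2", "level": 9, "@timestamp": "2018-03-01T10:04:00.000Z"},
    {"userid": "u2", "level": 10, "@timestamp": "2018-03-01T10:05:00.000Z"},
    {"userid": "u3", "level": 10, "@timestamp": "2018-03-01T10:06:00.000Z"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with fractional seconds."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")


def upsert_latest(state, event):
    """Keep one document per userid; ignore events older than the stored one."""
    ts = parse_ts(event["@timestamp"])
    stored = state.get(event["userid"])
    if stored is not None and ts <= stored["ts"]:
        return False  # stale or duplicate event: current state is unchanged
    state[event["userid"]] = {"level": event["level"], "ts": ts}
    return True


def upsert_last_arrival(state, event):
    """Naive variant: whatever arrives last wins, regardless of its timestamp."""
    state[event["userid"]] = {"level": event["level"], "ts": parse_ts(event["@timestamp"])}
    return True


def players_per_level(events, upsert):
    """Build the current-state view, then count players per level (the bar chart)."""
    state = {}
    for event in events:
        upsert(state, event)
    return dict(Counter(doc["level"] for doc in state.values()))


if __name__ == "__main__":
    print("timestamp-guarded:", players_per_level(EVENTS, upsert_latest))
    print("last arrival wins:", players_per_level(EVENTS, upsert_last_arrival))
```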
