Kibana dynamic field cross comparison

E_T · February 8, 2018, 4:26pm

I want to be able to use a script which iterates throw all the values of a field to detect a match with another field. In this example I would like to use the Date values of the ActionType field which are "Email" and compare them to the "Login". If they fall within the same day/ 24hour period, I would then like to create a field that identifies that match.

This is the Csv of the data set.
ActionType,Date

Login,2016-11-02T22:00:28+00:00
Login,2016-11-03T07:10:38+00:00
Login,2016-11-04T20:59:38+00:00
Login,2016-11-07T07:38:03+00:00
Email,2016-11-07T18:52:51+01:00
Email,2016-11-07T19:11:11+01:00
Email,2016-11-07T19:20:50+01:00
Email,2016-11-07T19:54:39+01:00
Login,2016-11-28T07:35:24+00:00
Email,2016-11-28T15:49:44+01:00
Login,2016-11-28T22:56:50+00:00
Login,2016-11-29T01:12:25+00:00
Login,2016-11-29T03:23:02+00:00
Login,2016-11-29T06:23:28+00:00
Login,2016-11-29T12:40:42+00:00
Logout,2016-11-29T16:27:16+00:00
Login,2016-11-30T20:06:06+00:00
Login,2016-12-01T19:41:35+00:00
Email,2016-12-02T00:09:03+01:00
Login,2016-12-02T10:05:03+00:00
Login,2016-12-02T13:44:50+00:00
Email,2016-12-02T18:35:45+01:00
Login,2016-12-02T20:51:19+00:00

Marius_Dragomir · February 8, 2018, 6:43pm

I think this might be really hard to accomplish in Elasticsearch, and I'm pretty sure it's almost impossible in Kibana.
You can try using these scripted metric aggregations, these might help, but I doubt it.
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-scripted-metric-aggregation.html

system · March 8, 2018, 6:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.