[Kibana Enhanced Table] Request for Docs and Tutorials for Scripting Language

Elastic Stack Kibana
1

First of all, I would like to thank @fbaligand for creating the awesome Kibana Enhanced Table plugin, it is really useful.

I understand that I can use col[n] to reference existing columns in the data table to derive a new column. I am able to get this working fine.
Computed%20Column%201

I am trying to reference a field in my index pattern to derive a new column. However, it does not work because my script is not correct. As such, I would like to request for tutorials on using the expr-eval syntax in Kibana so that I can write the correct scripts and get things working. Thanks.

2

Hi,

First of all, thanks for your interest to kibana enhanced-table plugin!
Happy to see you enjoy it :slight_smile:

Then, to answer to your question,

  • firstly, don't forget that Enhanced Table (like Data Table) aims to display aggregations, not documents.
  • and so, you can't directly access document fields like that in a computed column formula
  • but you can display documents and add computed-columns, using some tips :
    • in "Data" tab, in "Buckets" section, click on 'Split Cols', and create a 'Terms' aggregation based on "_id" field (or any unique field)
    • then, add a 'Terms' bucket (size=1) or 'Top Hits' metric for each field you want to use in computed column formula. For example a 'Terms' aggregation based on "in_authentication_success" field.
    • then, in "Options" tab, add a new computed column, and reference each column you need for your computed column using col[1] or col1.
      For example : col1 == "Y" ? 1 : 0
    • finally, using "Hidden columns" setting, hide every column you don't want to display. For example "_id" and "in_authentication_success" columns.

A last thing: if you want some reference documentation about what you can do in a computed column formula, click on "expr-eval" link above "Formula" setting. It provides full documentation about what you can do.

Hope it helps you

1 Like
3

Thanks for the clarifications and the workaround solution.

This is the setup of 4 metrics, 1 bucket and 1 calculated formula before applying the solution.

Data%20Config
Data%20Config1713×608 58.3 KB

Many repeating columns appeared in my table after following Step 1 and 2 of the instruction. I could not proceed with Step 3.

4

I decided to try using the Scripted Fields, and managed to calculate the Authentication Rate. Looks like I have a lot more to learn. Thanks for the support.

5

Through your 2 last comments, I understand that you don’t want a table line per document, but a table line per aggregation.
That’s why my tip does not solve your need.

If you want some computed field based on document fields, and then compute an aggregation on it to display on a table (or any visualization), then the Kibana scripted field is indeed the good choice!

1 Like
6

Pardon me if I didn't explain my requirements clearly. Thanks again for clarifying and confirmation on using Kibana scripted field. Cheers! :smiley:

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.