I am trying to create a graph which displays deltas from the previous week and current week. In terms of delta, I would like to display the events that showed up last week, but not the current week AND the events that showed up this week, but not last week.
In each event there is an "ID" field. I would use the "ID" field to get the deltas. If there are duplicate ID's, these events would be omitted from the graph. I've looked into aggregated unique counts and json input, but could not find a solution. Any help would be appreciated.
@chg Unfortuantely, this isn't something that is currently supported. Elasticsearch has limited Join support and neither of these types of joins appears to solve your problem, so Kibana isn't able to do so either.
Thanks for the response Brandon. I was thinking of something along the lines of setting the date range to the current week and previous week, so I could look at only those events. And then somehow get a unique count of the ID's. If the count is greater than 1 for an ID, the event that contains that ID would be excluded. Is this possible to implement?
I was searching around and came upon scripted fields. Is there a way to generate a count and store in a scripted field? And then filter the events using the scripted field.
@chg I'm not seeing how scripted fields would help you in this scenario. Elasticsearch/Kibana doesn't have a built-in mechanism to allow you to create scripted fields based on the counts in Elasticsearch.
I came across the bucket selector aggregation, which seems to do what I want. But do you know if this feature is available in Kibana? I currently have version 4.6 installed and do not see this feature.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.