Kibana - Filter data where sum of field 1 > sum of field 2


#1

Hello.

I'm trying to visualize terms of my data in a bar graph, showing two bars: one for the sum of src_bytes and one for the sum of dst_bytes. It is also important to order the terms based on the total number of bytes, which I have done.

However, I would also like to filter the terms where the total sum of src_bytes is greater than the total sum of dst_bytes and vice versa. How can I apply such a filter?

Thank you.


(Marius Dragomir) #2

Hello,
You can usually achieve that filter by creating a scripted field that is equal to the difference between src_bytes and dst_bytes. But this depends on how your data is structured and how you’ve achieved the first step from your question.
Can you give me some more details on the aggregations that you used to create the bar chart with the sums of src and dst bytes, per term?

Also, an example of a document that contains src_bytes and/or dst_bytes would be of use in order to help you create that scripted field.


#3

My data looks like this:

{"src_bytes": 10, "dst_bytes": 20, "total_bytes": 30, "username": "Joe"}

I'm doing a basic bar graph, aggregating usernames on the X axis, and showing just two metrics: sum of src_bytes and sum of dst_bytes.

I created the scripted field, of the difference between src_bytes and dst_bytes, and used that to order the usernames in my graph. By ordering it in descending order I was able to show the usernames which had the highest percentage of src_bytes vs dst_bytes, which is close to what I'm looking for.

How can I now use the scripted field to actually filter all usernames which have a sum of "bytes_difference" less than zero?

As an aside, because I already need to parse my data for other reasons, I will be able to add "bytes_difference" directly into the documents themselves, instead of making use of a scripted field. Is there some other data that I could add to the documents themselves that would help with this problem?

Thank you.
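The condition asked for in the thread (keep only usernames whose summed src_bytes exceed their summed dst_bytes, or the reverse) is a condition on aggregated values, so a normal query-level filter cannot express it: it has to be applied to the terms buckets after the sums are computed. The Elasticsearch mechanism for that is a bucket_selector pipeline aggregation under the terms aggregation. The following is an added example, not code from the thread or from Elastic: it builds that search body and mirrors the same bucket logic offline over constructed sample documents so the result can be checked without a cluster. The index name, the field names beyond those the poster gave, and the choice of bucket_selector are assumptions; whether a particular Kibana chart type exposes this pipeline aggregation is not covered by the thread.

```python
"""Added example: filter terms buckets by a comparison of two summed fields.

Builds an Elasticsearch search body (terms on username, sum of each byte
field, buckets ordered by total bytes, bucket_selector keeping only buckets
that pass the comparison) and reproduces the same logic in plain Python over
constructed sample documents.
"""
import json
from collections import defaultdict

INDEX = "traffic-logs"  # hypothetical index name, not from the thread

# Constructed sample documents in the shape the poster described.
SAMPLE_DOCS = [
    {"src_bytes": 10, "dst_bytes": 20, "total_bytes": 30, "username": "joe"},
    {"src_bytes": 50, "dst_bytes": 5, "total_bytes": 55, "username": "joe"},
    {"src_bytes": 100, "dst_bytes": 400, "total_bytes": 500, "username": "ann"},
    {"src_bytes": 30, "dst_bytes": 30, "total_bytes": 60, "username": "bob"},
]

# Painless scripts the bucket_selector evaluates per bucket; params come
# from buckets_path (the sibling "src" and "dst" sum aggregations).
_SCRIPTS = {
    "src_gt_dst": "params.src > params.dst",
    "dst_gt_src": "params.dst > params.src",
}


def build_query(direction="src_gt_dst", size=50):
    """Return the search body that keeps only buckets passing `direction`."""
    if direction not in _SCRIPTS:
        raise ValueError(f"unknown direction {direction!r}")
    return {
        "size": 0,  # hits are not needed, only the aggregation
        "aggs": {
            "per_user": {
                "terms": {
                    "field": "username",
                    "size": size,
                    "order": {"total": "desc"},  # the ordering the poster already uses
                },
                "aggs": {
                    "src": {"sum": {"field": "src_bytes"}},
                    "dst": {"sum": {"field": "dst_bytes"}},
                    "total": {"sum": {"field": "total_bytes"}},
                    "keep": {
                        "bucket_selector": {
                            "buckets_path": {"src": "src", "dst": "dst"},
                            "script": _SCRIPTS[direction],
                        }
                    },
                },
            }
        },
    }


def keeps(direction, src, dst):
    """The per-bucket comparison the bucket_selector script applies."""
    if direction == "src_gt_dst":
        return src > dst
    if direction == "dst_gt_src":
        return dst > src
    raise ValueError(f"unknown direction {direction!r}")


def filter_users(docs, direction="src_gt_dst"):
    """Offline mirror of the aggregation: sum per username, drop buckets that
    fail the comparison, order the rest by total bytes descending.
    Returns a list of (username, sum_src_bytes, sum_dst_bytes)."""
    sums = defaultdict(lambda: [0, 0, 0])  # src, dst, total
    for d in docs:
        s = sums[d["username"]]
        s[0] += d["src_bytes"]
        s[1] += d["dst_bytes"]
        s[2] += d["total_bytes"]
    kept = [(u, s[0], s[1], s[2]) for u, s in sums.items()
            if keeps(direction, s[0], s[1])]
    kept.sort(key=lambda row: row[3], reverse=True)
    return [(u, src, dst) for u, src, dst, _ in kept]


if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))
    print(filter_users(SAMPLE_DOCS))              # [('joe', 60, 25)]
    print(filter_users(SAMPLE_DOCS, "dst_gt_src"))  # [('ann', 100, 400)]
```

The comparison is strict, so a user whose two sums are equal (bob in the sample data) is dropped in both directions. If the poster adds a per-document bytes_difference field as suggested, the same structure still applies: one sum aggregation on that field plus a bucket_selector with a script such as `params.diff < 0`, since the condition is on the per-user sum rather than on individual documents.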


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.