Kibana need to combine results or change filter

Kaufusihm · January 14, 2016, 7:45pm

I have created a grok filter that is correctly labeling the fields in Kibana, but now I want to see if I can make a filter or do something within side Kibana to meet my needs.

I have a data table visualization created that has the name of student applications example below:

edu.utah.acs.student.coupledapps.commonejb.lib.ACSHandler 2,323
edu.utah.acs.student.coupledapps.studentfinance.ejb.StudentFinanceServicesBean 268
edu.utah.acs.student.coupledapps.commonejb.util.student.ClassDataPopulator 88

Problem: I want to combine these results. Everything that has "edu.utah.acs.student.coupledapps" I want to combine the count for. "coupledapps" is the app name and everything after belongs to the same app so I want it represented count wise as the same app.

Best,
Monty

Bargs · January 14, 2016, 8:10pm

Depending on how many unique application names you have, you might be able to use the "Filters" aggregation. That would work if there's only a small number of application names. If there's a very large number of unique names, it's probably easiest to use logstash to break apart that string into an array and store the application name as its own field on the document.

https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html#plugins-filters-mutate-split

Topic		Replies	Views
Kibana table combining aggregations Kibana	2	209	July 6, 2021
Can I provide name to a filter in kibana Kibana	3	975	July 6, 2017
Multiple filters on the same canvas Kibana canvas	1	520	June 29, 2020
Kibana split series bucket filter issue, shows duplicated data Kibana	2	598	September 10, 2020
Filter results on "Unique Count" aggregation Kibana	4	1203	March 5, 2020

Kibana need to combine results or change filter

Related Topics