I'm using timestamps on the x-axis,
I'm using amount of actions on Y-axis,
I'm adding a split series bucket with specific filters.
I do this to add specific users and to be able to group together multiple of their IDs into the same bucket with a custom labeled filter. Perhaps I can do this in another way.
I work with blockchain data, so in this example, one marketplace can have multiple accounts. Example on how my filtering looks is below:
@transfer.to : "account1" OR "account2" OR "account3"
This gives me all transfer actions to these 3 accounts.
So far, so good. But what happens next is that they start to act weird.
They add the data from account1, then they add the data from all 3. Which duplicated the numbers.
I.ex. the real volume is about 800,000, but instead it shows around 1,600,000.
If I change the filtering and giving them one bucket each:
@transfer.to : "account1"
@transfer.to : "account2"
@transfer.to : "account3"
Everything is correct, but as soon as I add them together they act out.
What I want to achieve:
I have multiple marketplaces where I want to filter their specific accounts into one labeled instance, to compare their market share.
Can this be done in a better way?
What I need is:
- A way to combine multiple data sources (accounts) into one labeled filter
- Be able to show multiple of these labeled filters in the same data presentation.
I'm using Elasticsearch and Kibana version 7.7.0
Worth adding is that my KQL skills are limited.