Kibana Transform index using terms aggregation

I am using Elastic Cloud v7.5.2. I am trying to transform the index, where I want the term count to be aggregated. In the Kibana UI, Define Pivot does not have a provision for a terms aggregation. How can I achieve it? Does this version not support it, or can we achieve the same using the Transform API?

There is no way to edit the question. I am updating the above question for more clarity.

We have a field eventType which will have values like task-started, task-completed, task-inprogress. Each document will have a jobId and each job can have multiple tasks. I need to transform the index to a new index in such a way that task-started, task-completed and task-inprogress will be separate fields, each with its value count aggregated.

Our ultimate goal: in Kibana we need to show additional columns which will have the percentage and ratio of these task fields.

Terms as part of group_by should be possible with any version of transform; terms as part of aggregations, however, requires 7.9. For your use case you could also work with filter, but that requires a minimum of 7.7. The only way to get this to work in 7.5 is custom code with scripted_metric, e.g. similar to this example.

As a general remark: not all features are available in the transform UI; there are and probably always will be features that at least require the advanced editor. But - I might be wrong - I think in 7.5 we do not have the advanced editor in the UI yet, which means you have to use the dev console to create the transform if you want to use, e.g., scripted_metric.

I think your best option is to upgrade. I understand that's not always possible; if so, you can only work around it with custom code.
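A sketch of the scripted_metric workaround described in the answer, as an added example that is not part of the original thread or Elastic's own code: a request body to send from the Dev Console with `PUT _transform/<transform-id>`. It assumes `eventType` and `jobId` are mapped as keyword fields; the index names `task-events` and `task-events-by-job` and the output field `tasks` are placeholders.

```json
{
  "description": "Added example: per-job counts of eventType via scripted_metric. Index names are placeholders.",
  "source": { "index": "task-events" },
  "dest": { "index": "task-events-by-job" },
  "pivot": {
    "group_by": {
      "jobId": { "terms": { "field": "jobId" } }
    },
    "aggregations": {
      "tasks": {
        "scripted_metric": {
          "init_script": "state.c = ['started': 0L, 'completed': 0L, 'inprogress': 0L];",
          "map_script": "if (doc['eventType'].size() != 0) { def t = doc['eventType'].value; if (t == 'task-started') { state.c.started += 1; } else if (t == 'task-completed') { state.c.completed += 1; } else if (t == 'task-inprogress') { state.c.inprogress += 1; } }",
          "combine_script": "return state.c;",
          "reduce_script": "def total = ['started': 0L, 'completed': 0L, 'inprogress': 0L]; for (s in states) { if (s != null) { total.started += s.started; total.completed += s.completed; total.inprogress += s.inprogress; } } return total;"
        }
      }
    }
  }
}
```

Each destination document then carries `jobId` plus `tasks.started`, `tasks.completed` and `tasks.inprogress`, which the percentage and ratio columns can be computed from. The transform does not run until it is started with `POST _transform/<transform-id>/_start`.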
