Kibana Transforms

I use Pivot to group data within the Transforms section in Kibana.

I'm wondering if it's possible to group by a certain field within a defined time interval?

In my case I would like to group by a field only within a day (00:00 - 24:00). Group by shall split by midnight.

Do you have any hints how to implement this requirement?

Thanks

You can in addition to your existing grouping add a date_histogram group_by:

    "group_by": {
      "timestamp": {
        "date_histogram": {
          "field": "timestamp",
          "calendar_interval": "1d"
        }
      },
      "myfield": {
        "terms": {
          ...
        }
      }
    }

I'm sorry, I'm not such an advanced thinker...

I'll give you more insight because I'm not able to follow your post.

In Kibana I created a Runtime Field using the following script:

    emit(doc['@timestamp.max'].value.millis - doc['@timestamp.min'].value.millis)

The group_by function is implemented with the "Transforms" function. The new index is already prepared.
I only need to extend the Runtime Field with the above functionality: split by midnight or daily buckets.

You can choose a date_histogram based group_by in the UI:

(I clicked on Add a group by field)

A runtime field allows you to manipulate single documents; it cannot be used to split data sets.

In order to add the date_histogram you have to create a new transform. To not start from scratch, select your existing one and choose clone.
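
The cloned transform described in this thread, written out as a complete Dev Tools request. This is an added example, not a configuration posted by anyone in the thread: the transform id and both index names are hypothetical, and the `@timestamp` and `myfield` field names and the two aggregation names are assumptions taken from the snippets above.

```console
# Added example. "myfield-per-day", "my-source-index" and "my-daily-index"
# are hypothetical placeholders; replace them with your own names.
# "day" adds one bucket per calendar day. Buckets start at 00:00 UTC by default.
# "myfield" is the existing grouping, now evaluated separately inside each day.
# The min/max aggregation names are assumed to match the fields that the
# runtime field script reads from the destination index.
PUT _transform/myfield-per-day
{
  "source": { "index": "my-source-index" },
  "dest": { "index": "my-daily-index" },
  "pivot": {
    "group_by": {
      "day": {
        "date_histogram": {
          "field": "@timestamp",
          "calendar_interval": "1d"
        }
      },
      "myfield": {
        "terms": { "field": "myfield" }
      }
    },
    "aggregations": {
      "@timestamp.min": { "min": { "field": "@timestamp" } },
      "@timestamp.max": { "max": { "field": "@timestamp" } }
    }
  }
}
```

Each destination document then covers one `myfield` value on one day, so the minimum and maximum timestamps it holds never span midnight.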
