I use Pivot to group data within the Transforms section in Kibana.
I'm wondering if its possible to group by a certain field within a defined time intervall?
In my case I would like to group by a field only within a day (00:00 - 24:00). Group by shall split by midnight.
Do you have any hints how to implement this requirement?
Thanks
You can in addition to your existing grouping add a date_histogram group_by:
"group_by": {
"timestamp": {
"date_histogram": {
"field": "timestamp",
"calendar_interval": "1d"
}
},
"myfield": {
"terms": {
...
}
}
I'm sorry I'm not so advanced thinker...
I give you more insights bc not able to follow your post.
In Kibana I created Runtime Field using following script:
emit(doc['@timestamp.max'].value.millis - doc['@timestamp.min'].value.millis)
The group_by function is implemented with "Transforms" function. The new index is already prepared.
I only need to extend the Runtime Field with above functionalitiy: split by midnight or daily buckets.
You can choose a date_histogram based group_by in the UI:
(I clicked on Add a group by field)
A runtime field allows you to manipulate single documents, it can not be used to split data sets.
In order to add the date_histogram you have to create a new transform, to not start from scratch, select your existing one and choose clone.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
