Kibana visualisation from SQL query

Mkapustin · August 6, 2020, 11:32am

Hello friends! Need help with visualisation in Kibana from sql query:

I have the same table from sql query:

11301×250 33.2 KB

I need to group results values by columns of actions values and by Mail ID. In splunk I realise it with chart option ("chart latest(results) as status over mail_id by actions"):

21429×263 51.6 KB

How to get something like this in Kibana?
With an sql query, I get the difference between two time parameters in milliseconds. How to display this data on the graph on the Y-axis, on the x-axis-the time of data receipt:

31368×676 69.1 KB

thomasneirynck · August 6, 2020, 2:32pm

Can you add a group by clause?

e.g.

Select MailId, action, last(timestamp)
FROM filebeat
WHERE ...
GROUP BY MailId, action

Mkapustin · August 17, 2020, 10:45am

Hi! Yes, I can add a grouping, however, this does not lead to the desired result (screenshot), I need a table of results by steps, as in the attached screenshot from Splunk (first message).

system · September 14, 2020, 10:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.