Kibana Visualization - Group by and where condition

shrutip · April 11, 2019, 2:41am

Hi ,

I am trying a visualization where in I have to count some records based on some conditions and group by using two fields.
I am not getting how to add one more group by field and where to put where condition fields.

Below approach I have tried -
I did count (field) on Y axis.
Date Histogram aggregation on X-axis.(This is one of my group by field)
In Split Series , I am doing sub aggregation as filters and passing two fields(Field1: VALUE1 AND FIELD2 : VALUE2) on which I need to select data.

Can anyone suggest how and where I need to add other group by field and what I have done is correct approach.I have gone through few links but didnot find group by multiple field scenario

I did try with two approaches -
Time Series and Line Chart.(not sure which one to follow )

I am stuck here .Pls help

Thanks ,

Marius_Dragomir · April 12, 2019, 9:36am

In the line chart, you should be able to add another filter lower, under that Filter 1 field. Just scroll down in that panel.
If that's not what you were looking for can you explain in more detail what you want to do, maybe we can find an easier way together.

shrutip · April 12, 2019, 2:06pm

Hi Marius ,
Thanks for your response.
my requirement is - I need to count records group by two fields and with two where condition

Metric is count (where field1 = value1 and field2 = value2)
group by - terms field1
then by - date histogram @timestamp.

Also , out of two charts which I tried , which one is more appropriate ?
Let me know , if this makes requirement clear to you or more info needed.

Thanks again!!

shrutip · April 12, 2019, 2:14pm

what I understood is when I add two different filter like filter1 and filter 2 , it would give me two lines - one for which satisfies filter1 and one for which satisfies filter2 condition. But I want those records which satisfies (Filter1 AND Filter2)

Marius_Dragomir · April 12, 2019, 2:14pm

This can be done, but I don't see why you need a Group By terms on Field1 as field one will always be value1, according to your count there.

Easiest way to achieve it is to have 2 filters in the filters at the top of the page: field1=value1 and field2=value2.
Then use Count as a metric.
In the aggregation select Date Histogram and then Split series on Terms, with field1 set as the field.

shrutip · April 12, 2019, 3:50pm

Please find the attached screenshots.Is this what you were trying to explain?
Can u pls let me know if same can be achieved through Time Series?
Images are in the order - image , image1 , image2

Thanks,

shrutip · April 12, 2019, 3:53pm

I didnot get this point. Do u mean that since I am counting records here , it would be a single value.

shrutip · April 15, 2019, 3:52pm

Please let me know if the approach I took is correct ?

Thanks

shrutip · April 16, 2019, 6:37pm

I have to create one more visualization where in
Metrics - count()
Group by - Terms(Field1) , Date Histogram(@Timestmap)
Where - Field 2 = Value

I did filter records first and then on y axis did count
on x axis aggregate - group by date histogram.
Now , how should I group by Terms(field1) ?

Appreciate your help here !!

Thanks,

system · May 14, 2019, 6:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.