Kibana Visualize - How to aggregate data with two string field values?

elastic4 · January 25, 2018, 1:09am

I have data as follows in ElasticSearch. timestamp is a timestamp field and item_status, item_id are string fields.

timestamp                           item_id    item_status
January 24th 2018, 12:06:34.287     1               Processing
January 24th 2018, 12:10:14.310     1               Completed
January 25th 2018, 07:21:30.876     2               Cancelled
January 26th 2018, 09:11:55.775     3               Completed

I want to query this data such that I can get all items that have had both Processing and Completed as their status. In my case, my query result would just be:

item_id
1

How can I do this with Kibana Visualization? I have been doing something similar to How can I make visualization with GROUP BY and https://stackoverflow.com/questions/27467180/run-a-simple-sql-group-by-query-in-kibana-4 but it did not really get me what I wanted.

Thanks in advance!

Bill_McConaghy · January 25, 2018, 2:06pm

A boolean query using must combined with a. terms aggregation on item_id field should get you what you are looking for.

system · February 22, 2018, 2:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combine aggregated fields on Kibana visualization Kibana	2	1778	May 31, 2018
Aggregation inside Visualization Kibana	5	331	September 16, 2019
Kibana Visualization - Group by and where condition Kibana	9	16401	May 14, 2019
Kibana visualization search only the latest value Kibana	5	986	February 19, 2020
Use only unique fields for a visualization Kibana elastic-stack-graph	2	577	December 16, 2019

Kibana Visualize - How to aggregate data with two string field values?

Related topics