Need help with aggregation on a column (having json stream)

Pankaj_Chopra · August 4, 2020, 7:30pm

Hi Team,
Apologies, I am very new to Kibana, but definitely quite excited to do a lot of things.

We have a JSON stream on one of the column in each doc['Stream']

In the following example of JSON string in a document. I want to create pie-chart visualization (with split chart over 'rank'). Please note 'propositionName' = {Save, Device+Save, Plan+Device+Save}

So, basically I want to understand for rank-1 what's the split over propositionName.

Right now I don't have Stream field expanded in script or in logstash, not sure how to do it. Please provide recommendation, happy to provide more details.

flash1293 · August 12, 2020, 11:50am

Hey, it seems like the "stream" is indexed as a string field - Elasticsearch doesn't even know there is json inside. To change this, you can use the JSON logstash plugin: https://www.elastic.co/guide/en/logstash/current/plugins-filters-json.html

This won't be enough however, because Kibana doesn't support nested documents in this way as all keys are flattened during the indexing, which means the relationship between rank and propositionName gets lost.

To avoid this, you have to split up your documents to have a single document for each "proposition". You can use the split logstash plugin for this: https://www.elastic.co/guide/en/logstash/current/plugins-filters-split.html

Pankaj_Chopra · August 13, 2020, 2:26pm

Thanks @flash1293 for providing information. I think I understand what you mean.
Will it be possible for you to provide an example too to give more insight.
Thanks again!

system · September 10, 2020, 2:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.