Need help with aggregation on a column (having json stream)

Elastic Stack Kibana
1

Hi Team,
Apologies, I am very new to Kibana, but definitely quite excited to do a lot of things.

We have a JSON stream on one of the column in each doc['Stream']

image
image1177×817 72.8 KB

In the following example of JSON string in a document. I want to create pie-chart visualization (with split chart over 'rank'). Please note 'propositionName' = {Save, Device+Save, Plan+Device+Save}

image
image541×609 42.4 KB

So, basically I want to understand for rank-1 what's the split over propositionName.

Right now I don't have Stream field expanded in script or in logstash, not sure how to do it. Please provide recommendation, happy to provide more details.

3

Hey, it seems like the "stream" is indexed as a string field - Elasticsearch doesn't even know there is json inside. To change this, you can use the JSON logstash plugin: https://www.elastic.co/guide/en/logstash/current/plugins-filters-json.html

This won't be enough however, because Kibana doesn't support nested documents in this way as all keys are flattened during the indexing, which means the relationship between rank and propositionName gets lost.

To avoid this, you have to split up your documents to have a single document for each "proposition". You can use the split logstash plugin for this: https://www.elastic.co/guide/en/logstash/current/plugins-filters-split.html

1 Like
4

Thanks @flash1293 for providing information. I think I understand what you mean.
Will it be possible for you to provide an example too to give more insight.
Thanks again!

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.