Hi,
I want to know if it is possible to perform a query in kibana to get the following results.
I have a records that have common values between them and I want to query and get the results for the records that have more than one association.
Because this is difficult to explain, I share and example below with tables from Excel.
Initially it look like this:
I want to query in a way that I get the AAA that have more then one BBB.
So it will look like this:
Is this possible in Kibana?
You might run into problems with that screenshot because you have non-numbers in BBB - but if I ignore those...you could potentially use a runtime field to compare two documents and emit a true / false....and then use that true / false field to filter to only the documents where the condition is true.
//Return a true when one field is greater than another in the same document
if (doc['AAA'].size()==0) {
emit(false);
}
else if (doc['BBB'].size()==0) {
emit(false);
}
else {
if (doc['AAA'].value > doc['BBB'].value) {
emit(true);
}
else {
emit(false);
}
}
You can enter this in a runtime field editor in Stack Management, Discover, or Lens
Thanks for the quick reply! Can I do this on a Visualization in? Like create the field temporarily?
Not yet but it's something we have been talking about doing. "Local runtime fields" [Runtime Fields] [META] Runtime Fields UX · Issue #124412 · elastic/kibana · GitHub - CC @Jason_Burns for 
I am running an enterprise edition and I do not think I have the possibility to create a field. Is there another way of achieving this?
This is what my stack management looks like:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
