Question about Split Table when making a Table Visualization

Elastic Stack Kibana
1

We're on Kibana 6.6. My Firewall Guy has asked me to build him some Top Talkers and Listeners visualizations for our proof of concept display of the Elastic Stack. I've thought I'd be nice and build him a table of what the Top Talkers are most frequently talking to but every time I make the split table size more than 1 I get a lot more than the number listed.

Table Visualization Settings:
  Metrics
     Metric: Count
  Buckets
     Split Rows
        Aggregation: Terms
        Field: receiving_host.keyword
        Order By: metric: Count
        Order: Descend
        Size: 20
     Split Table
        Columns
        Sub Aggregation: Terms
        Field: sending_host.keyword
        Order By: Metric: Count
        Order: Descend
        Size: *

When I set the spot marked with * to 1 I get 1 table
When I set the spot marked with * to 2 I get 8 tables
When I set the spot marked with * to 3 I get 11 tables
When I set the spot marked with * to 4 I get 18 tables
And so on and so forth.

Is it supposed to do that? If so, what's the formula for how many tables it's generating? I'd kind of like to generate 4 or 5 instead of 8

2

Found a solution to my problem of number of tables I want to see. Moving Split Table above Split Rows got me the correct number of tables. I am still curious as to how Kibana was deciding how many tables to generate though

3

Hello Amanda,

Glad you found a solution. FWIW, we're aware this logic is confusing and changes are in progress for future versions:

Thanks,
Aaron

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.