Hi,
i really like the rollup feature and i'd like to mix rollup and live data (to fill the gap until data is rolled up) in kibana visualizations. However my rollup data looks different, because every term in my original index I selected as rollup field gets ".terms.value" and ".terms.count" added to its name. So i wonder how can i do a Kibana vis that takes both terms into consideration ? Or am I doing something wrong ?
Cheers,
Lukas
You'll have to use the RollupSearch endpoint, which is basically a search endpoint that knows how to convert the internal rollup naming convention (.terms.value, etc) into something that's compatible with regular searches.
So in Kibana, you'll need to create a "Rollup Index Pattern", so that Kibana knows to switch over to the rollup search endpoint instead of the regular one. More details here: https://www.elastic.co/guide/en/kibana/current/visualize-rollup-data.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.