HI
I want to create a scripting field with the combination of two fields and use in a Visualise graph.
so that I can use two fields in one bucket.
columns (A & B) are togeather unique
trying to achive Logic like :- select count() form logs(kibana) where APIName(column A) =’xxx’ and APIVersionName =’x.0.0’ group by status code
Thanks for your help in advance
Hey Rajinia,
you can create a scripted field, with the following painless script:
doc['APIName'].value + '_' + doc['APIVersionName'].value
That way you would get a field containing the name and the version in one field. If you use this you can now split up your buckets according to each name-version pair.
Hint: If this is a common use-case that you want to visualize over in your data, I would recommend you to add a field with that value at indexing time (e.g. modify your logstash config to add it, or whatever tool you are using). Adding it at indexing time will result in a way better performance, than scripted fields.
Cheers,
Tim
Thanks, Tim
Is there any way I can get a graph only for a specific API like " where API name =='aa' or API name =='bb'
Yes, you can. Just add a filter on top of the visualization editor:
If you save that visualization, that filter will keep attached to it, meaning if you place it on a dashboard it will still just show the results for that API you filtered it for.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.