We have a line graph that shows the occurrence of an event over time, using count on the y axis and a date histogram on the x axis. If we add a split series sub bucket on the data (for example on the field "owner") it splits it as intended, however we lose the original line (the total). Is there a way to show both the sub buckets, as well as the original total line?
Running Kibana 6.8.4
I guess you're probably using a Terms aggregation on the "owner" field. If there is a relatively small and constant set of owners in your data you could switch from the Terms aggregation to the Filter aggregation. Then you would have to create a filter for each owner: Lee, owner: Shay, etc and one final filter that doesn't really filter at all. But if there's a lot of owners or the set of owners is very dynamic, this approach probably wouldn't work.
Here's an example of that approach;
Another way would be to use TSVB (Time Series Visual Builder) visualization. In this case you have one series that is split by the Terms "owner" and another series which isn't split;
Regards,
Lee
Don't know why I hadn't thought of that, there is only 4/5 owners and they remain constant enough for that to work. I'll try out both approaches, thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
