I have a large index of documents. Each document number either starts with "XXX-", "YYY-", or "ZZZ-" and I would like to, in a horizontal bar chart, have one bar be for "XXX-" documents, the other be for "YYY-" documents, and the last bar be for "ZZZ-" documents.
Currently my bar chart is only aggregating the top 3 documents that have the most duplications in the index, which makes sense. I would, however, like to have three bars, one for each of the document number suffixes, and the bar represent how many of the "XXX-", "YYY-", and "ZZZ-" docs are in my index.
I believe this would be something solved by the "JSON input" field, but I'm largely unfamiliar with that input and how that data is read.
My recommendation here is to create a painless script in your index pattern which is able to do the conditional logic you are talking about and map it to just a single string, XXX, YYY or ZZZ. Once you create this script, you can visualize it as a Terms aggregation on the scripted field, and if you want to see the exact values you can use another Terms aggregation to see the top values in each XXX bucket for example.
Here is a script I would use:
String target = doc['request.keyword'].value;
int index = target.indexOf('-', 0);
if (index === -1) {
return target.substring(0, target.length());
}
return target.substring(0, index);
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.