I'm trying to create a data table visualization in ELK 7.8. I have a Terms aggregation with size 5 and checked "Group other values in separate bucket". So it shows Other bucket as row in the table with Count metric. I also have a Sum metric for a numeric field. For this Other bucket, the value of Sum aggregation is always 0 which is not correct. Why is SUM aggregation not performed on "Other" bucket? Are there any ways to achieve this?
Can I have some comment on this please? It sure looks like a gap to me.
Hi @webstruck -- what's the Elasticsearch mapping for the "operation duration" field? And I assume the Kibana index pattern has it as "Number", correct?
I just tested this in 7.8 using the sample logs data which ship with Kibana, but was unable to reproduce, so I'm trying to figure out what I'm missing
@lukeelmers The Elasticsearch mapping is
"operationduration": {
"type": "float"
}
and yes, Kibana index pattern has it as "Number", searchable and aggregatable.
One recent observation is, if I choose my sum aggregation (summing OperationDuration in this case) metric as "Order By" for my Terms aggregation, then the sum for "other" bucket is calculated properly. But if I choose default count metric (All Events) as "Order By " then I see above issue and sum is always 0. Hope it helps!
@webstruck I still haven't had any luck.
I'm using our public demo environment to try to reproduce this, you can see what I have configured here, but so far things are working as expected.
I might have configured the demo visualization incorrectly though -- are you able to reproduce the same issue in the demo environment using one of the sample data sets there? Trying to narrow down whether this is a bug, or perhaps something specific to your environment.
This surely seem to work in your demo environment. What else I could check in my environment?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.