Table with Sum of Last values grouped by kubernetes.pod.uuid

milanvdm · October 18, 2021, 12:49pm

Ive got a counter on each running kubernetes pod:

{ name: foo, counter: 5, pod.uuid: 111, timestamp: 1 } and { name: foo, counter: 10, pod.uuid: 111, timestamp: 2 }

{ name: foo, counter: 5, pod.uuid: 222, timestamp: 1 }
{ name: bar, counter: 5, pod.uuid: 222, timestamp: 1 }.

I want to have a table with:

foo |. 15
bar |. 5

This boils down to retrieving the last-value grouped-by pod.uuid and name. These values, then need to be summed grouped by name.

I tried with TSVB, but this seems to be too limited to support this.

Could someone help me with suggesting the right approach? I feel that this counter example shouldnt be the hardest thing to visualize but Im struggling

ghudgins · October 18, 2021, 4:52pm

I think you might need to transform the data first and then do the sum - Transform overview | Elasticsearch Guide [7.15] | Elastic

system · November 15, 2021, 4:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I sum the result of an aggregation and present it in a table? Kibana lens	7	961	March 17, 2023
Sum aggregation in kibana data table visualization for "other" bucket is always 0 Kibana	7	1559	October 5, 2020
Last and sum in Kibana ESSQL Kibana	1	309	July 23, 2021
Calculating the sum of latest values - Timelion/Kibana Kibana timelion	4	2049	January 2, 2018
ECS-Kibana issue: is it possible to combine dynamic filter for kubernetes.pod.name or kubernetes.container._module.pod.name Metrics	3	3307	September 17, 2019

Table with Sum of Last values grouped by kubernetes.pod.uuid

Related topics