Tag cloud based on sum of fields

I'm just starting with Kibana and want to create a Tag Cloud. The index I’m using stores documents that are posted each hour and contain counts from up to 200 counters. A sample of the data is as follows:

{
    "_index": "counters",
    "_type": "_doc",
    "_id": "Q7HU428BKC2y1k9Xjhvc",
    "_score": 1.0,
    "_source": {
        "countDate": "2020-01-17T00:00:00",
        "counters": {
            "counter_a": 25,
            "counter_b": 12,
            "counter_c": 7,
            "total": 150
        }
    }
}

I would like the tag cloud to show the counter names (counter_a, counter_b, etc) in proportion to a summation of the counts from all the documents – i.e. the sum of counter_a across all documents would be 1,100, the sum of counter_b would be 650 & the sum of counter_c would be 330. Therefore the font size of counter_a would be the largest while counter_c would be the smallest and counter_b would be in between.

Is what I’m asking doable? If so, how would I get started? I do have the flexibility of re-creating the index with a different mapping if required to achieve my goal.

Hi @bcalder,

If you would ingest your counter values as separate documents like this:
{ "countDate": "2020-01-17T00:00:00", "counterName": "counter_a", "counterValue": 25 } ,
{ "countDate": "2020-01-17T00:00:00", "counterName": "counter_b", "counterValue": 12 } ,
{ "countDate": "2020-01-17T00:00:00", "counterName": "counter_c", "counterValue": 7 },
{ "countDate": "2020-01-17T00:00:00", "counterName": "total", "counterValue": 150 }

Then you should be able to get this visualization by using a Terms aggregation on the counterName field for the Tags and a Sum aggregation on the counterValue field for the Tag size.

I refactored my custom NiFi processor to push documents to Elasticsearch using the mapping you recommended and the Tag Cloud rendered perfectly! This revised mapping helps a lot with other visualizations I've been working on.