Timelion: Scripted fields not working for "split" when it's applied to different index patterns


(Lucas Alvarez Lacasa) #1

Hello everybody!
The problem I'm experiencing is that apparently scripted fields cannot be aggregated within different patterns.
I have 3 index patterns (that group indices of the same type of logs) that contain a field called "severity_label".
However, in one of them "severity_label" is a scripted field, whereas in the other 2 it is just a normal field.

When I try to write a Timelion expression for splitting these 3 index patterns based on the field "severity_label", I'm getting the aggregation but only for the first two, the ones where the field is not scripted.
The one that contains "severity_label" as a scripted field does not appear in the visualization.

This is the expression I'm using in Timelion:

.es(index='index1-*, index2-*, index3-*', split=severity_label:5)

I tried running the same expression only under the first two index patterns and it worked. I even tried running it only for the third index pattern (the one that has the scripted field) alone and it also worked.
It fails when you combine index patterns of different types of indices where some of them have the field as scripted and the rest do not.

Are there any workarounds for this?

Thanks in advance!


(Nathan Reese) #2

There is no current workaround. Would you mind opening up an issue at https://github.com/elastic/kibana/issues/new/choose?


(Lucas Alvarez Lacasa) #3

Hello Nathan, I have created the issue as you suggested. This is the link: https://github.com/elastic/kibana/issues/20269

Thank you!


(Lucas Alvarez Lacasa) #4

No clues on how this kind of functionality could be achieved?

Basically what I want to do is have a graph that will aggregate across different index patterns. The trick is that in some of them this field will be scripted (imagine that not every index pattern calls the field with the exact same string).


(Lucas Alvarez Lacasa) #5

@Nathan_Reese, do you know if this is a Timelion limitation or an Elasticsearch limitation?

