I am trying to create a visualization by considering a min of a start time and max of end time in a day logged by 1000's of documents based on a unique id. How can i perform this in Kibana ? Will scripted field help me here ?
for example
Total Hours: 2 hours is calculated from Doc1 and Doc2 with uniqueid : unique1
Doc 1
{
"runid" : "Unique1",
"starttime" : "2018-06-10 T 00:00:15"
"endtime" : "2018-06-10 T 00:48:15"
}
Doc2
{
"runid" : "Unique1",
"starttime" : "2018-06-10 T 00:50:15"
"endtime" : "2018-06-10 T 02:00:15"
}
Total Hours: 45mins is calculated from Doc3 and Doc4 with uniqueid : unique2
Doc 3
{
"runid" : "Unique2",
"starttime" : "2018-06-10 T 00:00:20"
"endtime" : "2018-06-10 T 00:26:15"
}
Doc4
{
"runid" : "Unique2",
"starttime" : "2018-06-10 T 00:27:15"
"endtime" : "2018-06-10 T 00:45:20"
}
this is unfortunately not possible with scripted fields, since scripted fields can only be used to calculate a value within one document. In you case you actually need to look across multiple documents to come up with the result.
I think the only way to calculate this would be a scripted fields aggregation, where you basically have a terms aggregation for the runid on the outer level and then nest a scripted fields, that keeps on reducing the min/max value of all fields, and in the end (reduce_script) actually calculate the difference between those two absolute min/max within that bucket.
Scripted metrics field are not yet supported in Kibana, you can track #2646 to stay informed about scripted metrics field aggregation.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.