Transforming multiple documents to a single document for a Kibana visualization

Rowan · April 12, 2020, 1:50am

Hi,

I have the following documents in the same Index

timestamp | sessionID=123 | IPAddress="1.1.1.1"
timestamp | sessionID=123 | username=harry
timestamp | sessionID=123 | error=1002
timestamp | sessionID=123 | reconnect=true
timestamp | sessionID=123 | error=1004

I would like to be able to turn this into a DataTable visualization that looks like this:

Session ID | Username | Count(error) | Count(reconnect)

Is it possible to transform the documents into a new Index?

Ideally I would like this to be a realtime/continuous transformation.

Thanks

Christian_Dahlqvist · April 13, 2020, 8:12am

I am not sure I exactly understand the data or how you expect it to end up, but suspect you might want to look at the new transforms feature.

system · May 11, 2020, 8:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Show "latest" document, actually a composite of latest seen field values Elasticsearch	4	418	June 22, 2020
Doing visualization from multiple documents Kibana	2	493	January 30, 2018
Multiple index issue when querying same document Elasticsearch	3	429	June 24, 2019
Order of documents when using a transform Kibana	5	299	January 13, 2023
DataTable with two different indices Kibana	3	1330	September 1, 2018

Transforming multiple documents to a single document for a Kibana visualization

Related topics