Transforming multiple documents to a single document for a Kibana visualization

Rowan · April 12, 2020, 1:50am

Hi,

I have the following documents in the same Index

timestamp | sessionID=123 | IPAddress="1.1.1.1"
timestamp | sessionID=123 | username=harry
timestamp | sessionID=123 | error=1002
timestamp | sessionID=123 | reconnect=true
timestamp | sessionID=123 | error=1004

I would like to be able to turn this into a DataTable visualization that looks like this:

Session ID | Username | Count(error) | Count(reconnect)

Is it possible to transform the documents into a new Index?

Ideally I would like this to be a realtime/continuous transformation.

Thanks

Christian_Dahlqvist · April 13, 2020, 8:12am

I am not sure I exactly understand the data or how you expect it to end up, but suspect you might want to look at the new transforms feature.

Topic		Replies	Views
Combine connect and disconnect documents with transform? Elasticsearch transforms	3	111	January 9, 2025
Latest full document in transform Elasticsearch	5	1112	March 31, 2020
Doing visualization from multiple documents Kibana	2	526	January 30, 2018
Aggregate docs to present a single constructed visualization Kibana	2	308	June 4, 2018
What is the most (time-)efficient way to "join" two indexes in elasticsearch? Kibana transforms	6	1443	April 29, 2024

Transforming multiple documents to a single document for a Kibana visualization

Related topics