Transforming multiple documents to a single document for a Kibana visualization

Rowan · April 12, 2020, 1:50am

Hi,

I have the following documents in the same Index

timestamp | sessionID=123 | IPAddress="1.1.1.1"
timestamp | sessionID=123 | username=harry
timestamp | sessionID=123 | error=1002
timestamp | sessionID=123 | reconnect=true
timestamp | sessionID=123 | error=1004

I would like to be able to turn this into a DataTable visualization that looks like this:

Session ID | Username | Count(error) | Count(reconnect)

Is it possible to transform the documents into a new Index?

Ideally I would like this to be a realtime/continuous transformation.

Thanks

Christian_Dahlqvist · April 13, 2020, 8:12am

I am not sure I exactly understand the data or how you expect it to end up, but suspect you might want to look at the new transforms feature.

system · May 11, 2020, 8:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.