Use only unique fields for a visualization

lelwar · November 12, 2019, 2:44am

Hello,
I am logging to elasticsearch requests made by one application. If there is a failure, a second, third, etc petition is made, nothing changes except 2 fields. I need to query to get visualization but only to use one of these documents. Is there a way to do this?

To explain a bit more lets say that I have 4 documents:

    {
number: 345
transactionId: 1
timestamp: 05:41
}

{
number: 345
transactionId: 1
timestamp: 05:42
}

{
number: 670
transactionId: 2
timestamp: 05:43
}

{
number: 720
transactionId: 3
timestamp: 05:44
}

{
number: 140
transactionId: 4
timestamp: 05:45
}

Now I want to do a sum visualization so that doc 1 is used, but not 2 (since is the same transaction). so that the sum of number is 345+670+720+140 instead of 345+345+670+720+140. Is this possible in Kibana? If not can I accomplish this with a script?

regards,

IC

Marius_Dragomir · November 18, 2019, 8:15pm

I don't think this is possible in Kibana. You can ask in the Elasticsearch part of this forum to see if there's a way you can do it with a query.

system · December 16, 2019, 8:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Metrics Visualization : Sum Aggregation, applied to Unique (field based) objects Kibana	2	2785	July 6, 2017
Kibana Visualize - How to aggregate data with two string field values? Kibana	2	5524	February 22, 2018
Canvas: visualize with two different fields within the same index Kibana	3	440	April 20, 2020
Display the sum of a particular field based on other fields Kibana	4	350	June 2, 2020
Kibana visualization search only the latest value Kibana	5	986	February 19, 2020

Use only unique fields for a visualization

Related topics