Vertical COALESCING


#1

Hi,
I have two documents (?) with 3 indexes:

@timestamp                     request_id                             exit   process_id
May 18th 2018, 17:17:36.074    965ff327-5aae-11e8-a5e5-196607b31323   -      96608fdb-5aae-11e8-98d0-4d98e324480e
May 18th 2018, 17:17:35.324    965ff327-5aae-11e8-a5e5-196607b31323   400    -

As you can see, request_id is the same for both documents, but in one case exit exists but not process_id, and vice versa. What I would like is to have a saved search result in Kibana that will return something like this:

@timestamp                     request_id                             exit   process_id
May 18th 2018, 17:17:36.074    965ff327-5aae-11e8-a5e5-196607b31323   400    96608fdb-5aae-11e8-98d0-4d98e324480e

I have aggregated the results based on request_id:

GET cwl-2018.05.18/_search
{
  "size":"0",
  "aggs" : {
    "aggregate_req_id" : {
      "terms" : { "field" : "request_id.keyword" }
    }
  }
}

Now I have a response with the result of the aggregation, saying that for each bucket there are two documents. I would like to vertically coalesce that aggregation, so each bucket has a single document. I'm searching for resources but I can't find any more.


(Mark Walkom) #2

There's currently no way to do that, sorry to say.
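
The merge asked for in the question can be done client-side, outside Kibana, over the hits returned by a search. This is an added example, not code from any poster in this thread; the function name `coalesce`, the `_conflicts` field, the ISO 8601 timestamps and the treatment of `-` as an empty value are assumptions.

```python
from collections import OrderedDict

EMPTY = (None, "", "-")  # assumption: "-" is how a missing field is rendered

# Constructed sample hits, shaped like the two rows in the question
# (ISO 8601 timestamps are an assumption about the stored format).
SAMPLE_HITS = [
    {"@timestamp": "2018-05-18T17:17:36.074Z",
     "request_id": "965ff327-5aae-11e8-a5e5-196607b31323",
     "process_id": "96608fdb-5aae-11e8-98d0-4d98e324480e"},
    {"@timestamp": "2018-05-18T17:17:35.324Z",
     "request_id": "965ff327-5aae-11e8-a5e5-196607b31323",
     "exit": "400"},
]


def coalesce(hits, key="request_id", ts="@timestamp"):
    """Merge documents sharing `key` into one row per key.

    The newest document wins for each field; a differing non-empty value in
    an older document is recorded under "_conflicts" instead of being dropped.
    """
    merged = OrderedDict()
    # Sort newest first so the merged row carries the latest timestamp.
    for doc in sorted(hits, key=lambda d: d.get(ts, ""), reverse=True):
        if doc.get(key) in EMPTY:
            continue  # cannot be correlated without the join key
        row = merged.setdefault(doc[key], {})
        for field, value in doc.items():
            if value in EMPTY:
                continue
            if field not in row:
                row[field] = value
            elif row[field] != value and field != ts:
                row.setdefault("_conflicts", {}).setdefault(field, []).append(value)
    return list(merged.values())


if __name__ == "__main__":
    for row in coalesce(SAMPLE_HITS):
        print(row)
```
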


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.