Hi there,
I've tried having a look but cant find anything which looks like it would fit what im trying to achieve!
I'm trying to find a way to utilise a visualisation, which takes some of the results from a previous visualisation to display them in another. Confused? As am i...
Im trying to run a visualisation which shows a certain field, lets say proc.name, and it gives me a count of the top 5 over a week time period.
I want to take the 5 values which are seen as the top 5 from proc.name for the whole week, but be able to track them over a shorter timescale, be it daily or hourly (daily will be what im aiming for).
If i try to create a separate visualisation using this over a lined graph, i get more than the top 5, as i assume it is recalculating what the top 5 is each day as this fluctuates. (on day 1 its process x, on day 2 its process y, on day 3 process X appears again) so it looks quite messy.
Is there a way for me to run the query which gives me the top 5 over the most recent week period, to then just show those top 5 during my more granular timescale ? I think i could do it manually if i worked out the top 5 values i had and entered them manually but i wanted this to be more automated... i suppose the SQL equivalent could be, but not exactly what covering with the time scale factors
SELECT X
FROM Y
WHERE X IN
(SELECT Top 5 X
FROM Y
order by X desc)
If anyone has any ideas of how or where i could start to turn my efforts would be appreciated, i've tried to hijack bits of the visualisation but from the request element on kibana but not having much joy linking or nesting them.
Cheers for any advice/guidance offered!