Newbie to the ELK stack and semi-technical. Our use case is to use the stack to run some analytics for pricing and product data broken down by different multi-value fields. I will start with source data structure and what has been done, followed by questions.
Note: this past post is very similar and unfortunately a solution has not been posted/described for us to try (past post)
- Data - we receive product sales and quantity based on different regions and stores. The regions and stores are dynamic and differ by product. Here's sample data with the following fields in order - ProductName, Sales (), Regions (with sales) and Stores (with quantity)
Data (there is a timestamp field as well):
ProductA, $100,000, ["Region 1": $25,000, "Region 2": $30,000, "Region 3": $45,000], ["Store 101": 100, "Store 215": 355, "Store 189": 417, "Store 39?": 55]
Product B ...similar data
Product A...similar data
- We attempted to solve this using the Nested data type to store the values as described here (https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html). We are able to see the index parsing these multifields; however, Kibana is not able to recognize these values as independent fields to aggregate. Our requirement is to create aggregations by Region, Store and Product together and separately. Here's the sample mapping we used to test this out:
    {
      "Regions": {
        "type": "nested",
        "properties": {
          "Region": {
            "type": "text"
          },
          "sales": {
            "type": "float"
          }
        }
      }
    }
- Is this possible? Or is there a better design or approach? We are unsure if we have to create separate fields during ingestion to hold this data, which defeats the purpose.
As indicated, I am not that technical so please ask questions if the above is unclear.
Thanks
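The document shape and query described in the post, as an added example that is not part of the original post or Elastic's own code: it reshapes one sample row into arrays of nested objects and builds a nested aggregation request body that sums values per product and per region or store. It assumes `ProductName`, `Regions.Region` and `Stores.Store` are mapped as `keyword` (a terms aggregation on a `text` field is rejected by default); the `Stores` sub-field names `Store` and `quantity` and both function names are hypothetical.

```python
import json

# Constructed sample row, using values shown in the post.
ROW = {
    "ProductName": "ProductA",
    "Sales": 100000.0,
    "Regions": {"Region 1": 25000.0, "Region 2": 30000.0, "Region 3": 45000.0},
    "Stores": {"Store 101": 100, "Store 215": 355, "Store 189": 417},
}

def to_nested_doc(row):
    """Turn the dynamic name->value maps into arrays of nested objects."""
    return {
        "ProductName": row["ProductName"],
        "Sales": row["Sales"],
        "Regions": [{"Region": k, "sales": v} for k, v in row["Regions"].items()],
        # "Store"/"quantity" are assumed names, mirroring the Regions mapping.
        "Stores": [{"Store": k, "quantity": v} for k, v in row["Stores"].items()],
    }

def nested_sum_agg(path, key_field, value_field, size=100):
    """Search body: per product, bucket nested objects by key and sum values."""
    per_key = {
        "terms": {"field": f"{path}.{key_field}", "size": size},
        "aggs": {"total": {"sum": {"field": f"{path}.{value_field}"}}},
    }
    return {
        "size": 0,  # aggregation results only, no hits
        "aggs": {
            "by_product": {
                "terms": {"field": "ProductName", "size": size},
                "aggs": {
                    # The nested aggregation switches into the nested objects.
                    path: {"nested": {"path": path}, "aggs": {"by_key": per_key}}
                },
            }
        },
    }

if __name__ == "__main__":
    print(json.dumps(to_nested_doc(ROW), indent=2))
    print(json.dumps(nested_sum_agg("Regions", "Region", "sales"), indent=2))
    print(json.dumps(nested_sum_agg("Stores", "Store", "quantity"), indent=2))
```

Dropping the outer `by_product` level gives the per-region or per-store totals on their own.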