
Using Kibana, is it possible to display one row of data which is a summary of other rows?

This is our requirement:

Given an entry in an index with the following structure:

string  requestId
boolean raisedException
boolean requiredExternalLookup

We want to create a tabular output with the following structure:

requestId   numberRaisedException numberNoException numberRequiredLookup

So, if there were three rows (or entries) in the index for the same request id, two where an exception was raised, the output may look like this:

requestId           numberRaisedException  numberNoException numberRequiredLookup
REQUEST_123         2                      1                 3

Presumably the correct Kibana visualization widget to represent this would be a Data Table. But how in Kibana would one create a row like the above, which is a summary of several rows, somewhat akin to a SQL GROUP BY clause? Is it at all possible?

user1052610

1 Answer

You can probably do this with 'scripted_fields', but the status of the 'scripted_fields' feature in Kibana isn't clear. I think it was recently blocked in Kibana due to security issues; leaving this open is dangerous since you can do anything.

If you have access to your Elasticsearch cluster then you might be able to create the field on your Elasticsearch index.

You can read about it here: http://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-script-fields.html

gillyb
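An added example, not part of the answer above or of any Elastic code: the GROUP BY-style summary from the question written as an Elasticsearch `terms` aggregation with `filter` sub-aggregations, which needs no scripting to be enabled. It assumes `requestId` is mapped as a non-analyzed (keyword) field; the aggregation names and the sample response are constructed for illustration.

```python
import json

def build_summary_query(max_requests=100):
    """Body for POST /<index>/_search: one bucket per requestId, three counts each."""
    def count_where(field, value):
        # A filter sub-aggregation counts the bucket's docs matching one term.
        return {"filter": {"term": {field: value}}}
    return {
        "size": 0,  # return aggregation buckets only, no individual hits
        "aggs": {"by_request": {  # hypothetical aggregation name
            "terms": {"field": "requestId", "size": max_requests},
            "aggs": {
                "raised": count_where("raisedException", True),
                "no_exception": count_where("raisedException", False),
                "lookup": count_where("requiredExternalLookup", True),
            },
        }},
    }

def uses_scripting(node):
    """True if any key in the request body asks the cluster to run a script."""
    if isinstance(node, dict):
        return any(k in ("script", "script_fields") or uses_scripting(v)
                   for k, v in node.items())
    if isinstance(node, list):
        return any(uses_scripting(v) for v in node)
    return False

def rows_from_response(response):
    """Flatten the aggregation buckets into the table rows from the question."""
    return [{
        "requestId": b["key"],
        "numberRaisedException": b["raised"]["doc_count"],
        "numberNoException": b["no_exception"]["doc_count"],
        "numberRequiredLookup": b["lookup"]["doc_count"],
    } for b in response["aggregations"]["by_request"]["buckets"]]

# Constructed sample response for the three REQUEST_123 entries in the question.
SAMPLE_RESPONSE = {"aggregations": {"by_request": {"buckets": [
    {"key": "REQUEST_123", "doc_count": 3, "raised": {"doc_count": 2},
     "no_exception": {"doc_count": 1}, "lookup": {"doc_count": 3}},
]}}}

if __name__ == "__main__":
    print(json.dumps(build_summary_query(), indent=2))
    print("needs scripting:", uses_scripting(build_summary_query()))
    for row in rows_from_response(SAMPLE_RESPONSE):
        print(row)
```
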