Kibana Visualize - How to aggregate data with two string field values?

Question

I have data as follows in ElasticSearch:

timestamp                          item_id    item_status
January 24th 2018, 12:06:34.287    1          Processing
January 24th 2018, 12:10:14.310    1          Completed
January 25th 2018, 07:21:30.876    2          Cancelled
January 26th 2018, 09:11:55.775    3          Completed

I want to query this data such that I can get all items that have had both Processing and Completed as their status. In my case, my query result would just be:

item_id
1

timestamp is a timestamp field and item_id & item_status are string fields.

How can I do this with Kibana Visualization? I have been doing something similar to https://discuss.elastic.co/t/how-can-i-make-visualization-with-group-by/43569/2 and Run a simple sql group by query in kibana 4 but it did not really get me what I wanted.

Thanks in advance!

In a simple query, and not using a visualization, this is perfectly possible. I haven't found a way to do it in Kibana 5 or 6. — Andrei Stefan, Jan 25 '18 at 08:05

score 0 · Answer 1 · answered Jan 26 '18 at 00:45

In a Kibana visualization, if you add a query string or a filter, and save the visualization, then the visualization will apply these on top of any other filters that you would use when using a dashboard.

If you plan to apply these filters to multiple visualizations, then you can first make a saved search in the Discover mode, and when making the visualization, create from the saved search (Visualize > New > From a saved search.

Kibana Visualize - How to aggregate data with two string field values?

1 Answers1