Conditional sum metric (sub-total column) in Kibana data table

Question

I need to display subtotal columns in a Kibana data table. Not filtering the entire table, but only certain columns.

I've seen posts about doing conditional counts in a metric's JSON input field:

{
  "script":{
    "inline": "doc['SomeField'].value == 'SomeValue' ?  1 : 0", 
    "lang": "painless"
  }
}

But no reference to conditional sums of numeric data. My loosely expressed need:

sum(btyes) where category = [write]

Alternatively, the Kibana Enhanced Table plugin was suggested as a way to implement computed columns.

Is it possible to achieve conditional sums using JSON input on a specific data table metric? Is anyone using the plugin? Should it be done upstream in an elasticsearch index? What is best practice?

score 0 · Answer 1 · answered Nov 21 '19 at 18:44

0

Solution is a simple change to show the actual value in the true condition, rather than a 1 for counting :

{
  "script" : "doc['category.keyword'].value == 'write' ? doc['bytes'].value : 0"
}

answered Nov 21 '19 at 18:44

Kris

1
1

Conditional sum metric (sub-total column) in Kibana data table

1 Answers1