Chart multipile fields in Kibana
Question
I am trying to create a pie chart in Kibana (V2.3.1) which displays values from multiple fields.
Lets say I got documents representing humans with the following fields: (representing if the finger is bent or straight) Human 1:
- human.right_arm.thumb = bent
- human.right_arm.pinky = straight
- human.left_arm.thumb = straight
- human.left_arm.pinky = half-bent
Human 2:
- human.right_arm.thumb = straight
- human.right_arm.pinky = bent
- human.left_arm.thumb = half-bent
- human.left_arm.pinky = half-bent
Now I want to create a pie chart on the status of all the fingers. It would create a result like:
- bent (= 2) = 25% coverage of the pie
- straight (= 3) = 37.5% coverage of the pie
- half-bent (= 3) = 37.5% coverage of the pie
In Kibana I can only split one field per chart. So how do I combine the results for all fingers?
And how can I get the same status but then from all the thumbs?
I think scripted fields are the way to go, but I cannot figure out how since as far as I can see the aggregation only combines the results of fields while it should represent a set of fields ("all fingers" or "all thumbs").
I searched the web and found similar issues but never a clear answer.
If necessary I can make changes in Logstash. We use the ruby/code filter to define these fields.
Note: Sadly I am not able to update our ELK stack to a newer version.
1 answers
solution1
1 ACCPTED 2017-07-20 15:19:28
Can you make the state of the finger an separate aggregatable field? Then you'll be able to create a pie chart with a count metric and split the slices by terms and then choose the field with the name of the state of the finger.
Eg.
Otherwise, this scripted field might work (not tested since I don't have the necessary setup):
def fingerState = doc['whatever the field is called'].value;
if (fingerState != null)
{
int index = fingerState.lastIndexOf('=');
if (index > 0)
{
return fingerState.substring(index+1);
}
}
return fingerState; //this will return the whole thing if for some reason this format isnt consistent
As for the second question, you can do something like
but for this to work you need to make the state of finger aggregatable.
Hope this works and that it's compatible with your version on ELK (I'm using 5.2)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.