i need display report on kibana aggregate results based on multiple date intervals. times mapped float data type along timestamp.
example:
jobs, yesterday, last week, last quarters job 1, 5hr, 10 hr, 60 hr what best way es , kibana?
given want display as:
job n | range 1 | range 2 | range 3 | ... | range n
this may difficult in kibana because of how likes split data table, it's best know how before try visualize it:
{ "size" : 0, "aggs" : { "per_job": { "terms": { "field": "job", "size": 10 }, "aggs": { "ranges": { "date_range": { "field": "timestamp", "ranges": [ { "from": "now-1d/d" }, { "from" : "now-7d/d" }, { "from": "now-3m/m" } ] }, "aggs": { "worked": { "sum": { "field": "hours" } } } } } } } } what providing? grouping each job, splitting each job 3 bucketed date ranges, each being longer versions of previous range (notice there's no "to" specified, specify "to" : "now"), each date range's split summed on field of interest, assume named hours.
how can use in kibana? well, kibana visualization tool build these aggregations , chart or otherwise display them.
the top level aggregation therefore going terms aggregation. secondary or "sub-bucket" date range, , metric (above buckets) sum.
unfortunately, given seem want table view of it, there's no way aware of separate date ranges add row unless accept 1 table per job:
