Scripted fields to concatenate field names

Grafana Elasticsearch
1

I was trying to create a scripted field of my data by concatenating 2 fields so that I could group results on my dashboard in the x-axis by this field. I was able to do this in kibana by creating a scripted field as such:

return doc['srcAS'].value + '-' + doc['dstAS'].value

I was then able to create visualizations where this scripted field was used as the terms bucket for the x-axis.
Is there anyway to do this in grafana?

Thanks,
N

2

This is the query that I see Grafana sends to ES:

"{"search_type":"query_then_fetch","ignore_unavailable":true,"index":["sflow-2017.10.23","sflow-2017.10.24"]} {"size":0,"query":{"bool":{"filter":[{"range":{"@timestamp":{"gte":"1508731200000","lte":"1508817599999","format":"epoch_millis"}}},{"query_string":{"analyze_wildcard":true,"query":"*"}}]}},"aggs":{"3":{"terms":{"field":"srcAS.asn","size":10,"order":{"1":"desc"},"min_doc_count":1},"aggs":{"1":{"sum":{"field":"PacketSize"}},"2":{"date_histogram":{"interval":"1d","field":"@timestamp","min_doc_count":0,"extended_bounds":{"min":"1508731200000","max":"1508817599999"},"format":"epoch_millis"},"aggs":{"1":{"sum":{"field":"PacketSize","script":{"inline":"_value * doc['SampleRate'].value"}}}}}}}}} "

This is the request Kibana sends:

"query": {
  "bool": {
    "must": [
      {
        "query_string": {
          "analyze_wildcard": true,
          "query": "*"
        }
      },
      {
        "range": {
          "@timestamp": {
            "gte": 1508731200000,
            "lte": 1508817599999,
            "format": "epoch_millis"
          }
        }
      }
    ],
    "must_not": []
  }
},
"size": 0,
"_source": {
  "excludes": []
},
"aggs": {
  "3": {
    "terms": {
      "script": {
        "inline": "return doc['srcAS.asn'].value + '-' + doc['dstAS.asn'].value",
        "lang": "painless"
      },
      "size": 10,
      "order": {
        "2": "desc"
      },
      "valueType": "string"
    },
    "aggs": {
      "2": {
        "sum": {
          "field": "PacketSize",
          "script": "doc['PacketSize'].value * doc['SampleRate'].value * 0.000000000001"
        }
      }
    }
  }
}
}
3

Like this?

https://localhost:3000/t/basic-elastic-search-query/1543/4

4

It is somewhat like that, but instead of using that script field as a metric, I want to use it as the field for the “Group By” or X-axis bucket.

Currently, in Grafana, I have this:

37 AM
37 AM1177×44 2.54 KB

Where each of those numbers is a single field. I want to achieve something like this, where the metric is performed on an aggregation of 2 fields:

36 AM
36 AM973×109 8.53 KB

5

I notice I am able to do multiple “Group By” sections, and it gives me something closer to what I want in the legend. But it shows 100 total bars, when I want only 10.

6

I don’t know then - doesn’t look like it is currently possible.

7

This feature request was the closest I could find to what you need: