How to tabulate data , without doing any aggregation in Kibana?

Question

How can I tabulate data from events in kibana, without doing any aggregations?

I want to prepare a table containing 3 columns:

1. Hotel Name
2. No. of Rooms
3. Zipcode of Hotel

I want to extract this info from events and populate the table with above three values. How can I do this in Kibana?

Answer 1

You may be able to accomplish this by saving a search in the discover application and adding it to a dashboard directly (skipping the visualize step).

At the top of the "Add" panel in dashboard there is a "Searches" tab:

This tab lists all of the searches that you've saved from Discover and allows you to visualize the raw field values of documents as a table.

Hope that helps!

Answer 2

You can't make a table without aggregating, but (depending on your data) you may be able to get what you want by aggregating first on hotel name (Terms, Field=name, Order=Top, Size=100) then by zip code (Terms, Field=zip). The aggregation is so narrow that there is never more than one hotel in any given bucket.

Then use metric of Sum of number of rooms.

This assumes there are no two same-named hotels in the same zip code. If there are, you'll need to add a third column with some unique identifier.

I tried this using the following mapping

{"name": {"type":"string","index":"not_analyzed"},
 "number-of-rooms":{"type":"integer"},
 "zip": {"type":"string","index":"not_analyzed"}}

It worked fine, with the drawback that the table column header labels are "Top 100 name", "Top 100 zip" and "Sum of number-of-rooms", which isn't very user friendly.