Kibana: Field value replacement formatter (lookup table)

Created on 23 Sep 2015  路  29Comments  路  Source: elastic/kibana

Often, when I'm visualizing data in Kibana, I have a numeric field (or string ID) in my data that maps to a logical concept that would be easier to understand if it were mapped to a pretty-print string.

To take a simple example: City Crime data

The data contains a field called INCIDENT_TYPE_DESCRIPTION, which has some human readable values, like ROBBERY, but others are harder to intuit, like VAL. In this case, VAL stands for Violator at Large, which would be a much better value to show in the legend. Similarly, the ReptDistrict, has string values like D4 that correspond to more useful terms like "South End".

It would be excellent if there was a way to map the values of a particular field to strings I specify. While Legends are the most useful place for me, it might be nice to be able to see the readable version everywhere we show the field, though it would be important to have the original value present when viewing the document detailed table view, for example.

For the purposes of this issue, a static mapping is sufficient, though a follow-on feature request would be to allow dynamic lookups of some kind. Perhaps this fits as a type of field formatter?

enhancement help wanted
Source
picture skearns64
👍21

Most helpful comment

via @kellihall

Describe the feature:
Would love to have Lookup Table functionality added to the Kibana interface. This would be the equivalent to what is in the Splunk interface.
For example:

  • I have an index with member information, and part of their information is the state they live in, but it's abbreviated.
  • I have a second index that has state information, including the abbreviation, full state name, etc.
  • In Splunk, you would simply tell the system to get the state's full name from the other index by identifying it as a lookup table.
  • Having a very simple way of doing this in Kibana would be awesomely efficient.
picture tbragin on 4 Nov 2016
👍8

All 29 comments

+1 It would be excellent

AnkurMathur14 picture AnkurMathur14 on 26 Sep 2015

If someone is interested in creating this field formatted they could check out the string formatter for an example.

All on the properties of this class are important except the transformOpts (Which are simply used by the editor) and _base64Decode (which is used by the _convert() method)

spalger picture spalger on 29 Sep 2015

Can you tell me how to deploy and use the string formatter example? We're running Kibana 4.1.2 and I'd love to be able to convert some specific string ID's to human-readable format.

dw-milla picture dw-milla on 11 Nov 2015

+1

lijamie98 picture lijamie98 on 12 Jan 2016

Will this be considered? Similar to #4361?

I've managed to get my display label via parent/child inner_hits, but Kibana is not allowing inner hit fields to be used.

guruxu picture guruxu on 14 Oct 2016

@skearns64 Please? Please? You'd be saving my daughter a lot of copying and pasting if you could get this done.

benson-basis picture benson-basis on 25 Oct 2016

via @kellihall

Describe the feature:
Would love to have Lookup Table functionality added to the Kibana interface. This would be the equivalent to what is in the Splunk interface.
For example:

  • I have an index with member information, and part of their information is the state they live in, but it's abbreviated.
  • I have a second index that has state information, including the abbreviation, full state name, etc.
  • In Splunk, you would simply tell the system to get the state's full name from the other index by identifying it as a lookup table.
  • Having a very simple way of doing this in Kibana would be awesomely efficient.
tbragin picture tbragin on 4 Nov 2016
👍8

+1

dortort picture dortort on 23 Feb 2017

+1

dizzzyroma picture dizzzyroma on 9 Mar 2017

馃憤

pemontto picture pemontto on 9 Mar 2017

+1

robinmitra picture robinmitra on 14 Mar 2017

+1

dinnyosz picture dinnyosz on 10 Apr 2017

+1

Kudryavets picture Kudryavets on 24 Apr 2017

+1

sy43165 picture sy43165 on 18 May 2017

+1 definitely very useful

markchagers picture markchagers on 25 Jul 2017

+1

kachenjr picture kachenjr on 26 Jul 2017

+1

ellismendez picture ellismendez on 28 Jul 2017

+1

madkoala picture madkoala on 7 Sep 2017

+1

jag959 picture jag959 on 24 Sep 2017

+1

piotrkochan picture piotrkochan on 23 Nov 2017

+1

jantoniuk picture jantoniuk on 24 Nov 2017

+1

abunet picture abunet on 29 Nov 2017

:+1:

cinhtau picture cinhtau on 21 Feb 2018

+1

guylaurent picture guylaurent on 3 Mar 2018

+1
I'm a newbie here. Is there a way to implement/customize the lookup feature via plugin??

cumulate picture cumulate on 16 May 2018

+1

JoeyJo-JoJuniorShabadoo picture JoeyJo-JoJuniorShabadoo on 18 May 2018

+1

rahulKolluri picture rahulKolluri on 9 Jul 2018

For small sets of values this could be done with a scripted field like this;

if (doc['response.raw'].value == "200") {
  return "OK";
} else if (doc['response.raw'].value == "404") {
  return "Not Found";
} else if (doc['response.raw'].value == "503") {
  return "Redirected";
} else {
  return "Unknown"
}

But you wouldn't want to do that for a lot of potential values.

LeeDr picture LeeDr on 14 Aug 2018

This was address for static lookups by https://github.com/elastic/kibana/pull/19637. For dynamic lookups, we could implement custom script field formatters (https://github.com/elastic/kibana/issues/3585). Closing this in favor of https://github.com/elastic/kibana/issues/3585.

cjcenizal picture cjcenizal on 10 Oct 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

snide picture snide  路  3Comments
tbragin picture tbragin  路  3Comments
ctindel picture ctindel  路  3Comments
stacey-gammon picture stacey-gammon  路  3Comments
timmolter picture timmolter  路  3Comments