DevOps Reference
Setting Up a Transform
- Navigate to Stack Management in Kibana.
- Click on Transforms.
- Click Create Transform.
- Select the source index(es) containing your data.
- Configure Group by fields - this defines how data is aggregated into buckets.
- Define the aggregations you want to perform (e.g., sum, avg, count).
- Set the destination index where results will be stored.
- Configure frequency and start the transform.
Why Group By is Extremely Important:
The Group By configuration determines how your source data is bucketed and aggregated. For example:
- Grouping by user_id creates one document per user, aggregating all their events.
- Grouping by timestamp (e.g., by day) creates daily summaries.
- Without proper grouping, you might aggregate all data into a single document or create too many individual documents.
What Happens During Transform Execution:
Once started, the transform continuously monitors the source index for new data. It applies the defined aggregations based on the group by fields and writes the summarized results to the destination index. This creates a denormalized, pre-aggregated view of your data that's optimized for fast queries and dashboards.
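The UI steps above correspond to the body of a transform creation request (PUT _transform/<id>). The following added example, which is not part of the original page, builds that body and simulates the pivot locally on constructed events to show how the Group by choice changes the destination documents. The index names, the bytes field, and the frequency and delay values are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample events; the "bytes" field is an assumption for illustration.
EVENTS = [
    {"user_id": "u1", "timestamp": "2024-05-01T09:15:00Z", "bytes": 120},
    {"user_id": "u1", "timestamp": "2024-05-01T17:40:00Z", "bytes": 80},
    {"user_id": "u2", "timestamp": "2024-05-01T11:05:00Z", "bytes": 300},
    {"user_id": "u1", "timestamp": "2024-05-02T08:00:00Z", "bytes": 50},
    {"user_id": "u2", "timestamp": "2024-05-02T23:59:00Z", "bytes": 10},
]
BY_USER = {"user": {"terms": {"field": "user_id"}}}
BY_DAY = {"day": {"date_histogram": {"field": "timestamp", "calendar_interval": "1d"}}}

def transform_body(group_by):
    """Body for PUT _transform/<id>; index names and timings are hypothetical."""
    return {
        "source": {"index": "app-events"},
        "dest": {"index": "app-events-summary"},
        "pivot": {
            "group_by": group_by,
            "aggregations": {
                "total_bytes": {"sum": {"field": "bytes"}},
                "event_count": {"value_count": {"field": "bytes"}},
            },
        },
        "frequency": "5m",  # how often the transform checks the source for changes
        "sync": {"time": {"field": "timestamp", "delay": "60s"}},  # continuous mode
    }

def simulate_pivot(events, group_by):
    """Local approximation of the pivot: one output document per bucket key."""
    buckets = defaultdict(lambda: {"total_bytes": 0, "event_count": 0})
    for ev in events:
        key = {}
        for name, spec in group_by.items():
            if "terms" in spec:
                key[name] = ev[spec["terms"]["field"]]
            else:  # date_histogram at 1d: truncate the ISO timestamp to its UTC day
                key[name] = ev[spec["date_histogram"]["field"]][:10]
        b = buckets[tuple(key.items())]
        b["total_bytes"] += ev["bytes"]
        b["event_count"] += 1
    return [{**dict(k), **v} for k, v in buckets.items()]

if __name__ == "__main__":
    for gb in (BY_USER, BY_DAY, {**BY_USER, **BY_DAY}):
        print(json.dumps(transform_body(gb)["pivot"]["group_by"]))
        print("  ", simulate_pivot(EVENTS, gb))
```

Grouping by both fields yields one document per user per day, which is how the destination index grows when group-by keys are combined.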