Is there a way in which I can add the fields of an aggregated log?
For example, I select a MAX aggregation on the field timestamp and the log with the maximum timestamp is selected in the data table.
Now I want to add fields of that log with maximum timestamp. The only way is that I create a bucket on it, but if the term has multiple values, it splits the rows respectively. I just want to add that field like we add fields in the Discover tab.
I know I can save a search and import it in a dashboard, but in search can I aggregate and select the log with maximum timestamp? For that I have to use a data table, and the only way to add a field is to create a bucket on the term. Adding fields of the log is much easier in search, which is done without making a bucket on this field.
Hey @saramali,
I'm not sure I'm following. Can you describe what you want to do? Is it creating a data table? Or being able to construct a search?
I want to create a data table but for adding a term I need to create a bucket. Is there a way using which I can add a field without creating a bucket?
I don't think so. Visualizations are designed to display aggregated data. You might want to look into using Time Series Visual Builder as that is intended to solve other use cases.