I would like to use an aggregate to find the max of a value and show it in a table.
This works fine, but adding a column for a field in the aggregate is not so straightforward.
basically, can I display a .keyword for some bit of data in the document that is associated with the max?
here is an example, let's say i have a series of documents formatted like this:
{
"@timestamp":"<TIMESTAMP>",
"tag":"<STRING_VALUE>",
"value":"<FLOAT_VALUE>"
}
i would like to get a max aggregate of "value" but display "tag" somewhere in the visualisation somewhere
Hi there, here is a small demo I created using our sample data:
In this example I used a Top Hit aggregation to expose the Carrier field as a column in the table of max ticket prices per day. The Carrier field is analogous to the tag field in your example. Does this help give you an idea of how you can accomplish your goal?
Thanks,
CJ
This seems ok, but it does mean if i use the Min aggregation i will have to change the Top hit Sort On to Ascending. Correct?
Yes, I think that's right. And you'll want to change the "Sort on" field to sort on the field you're performing the Min aggregation on (AvgTicketPrice in my example, value in your case).
ok thank you. this seemed to work.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
