Hi,
I'm forwarding event logs for 75 servers to elasticsearch. I would like to be able to run a query that lets me check the past 24 hours for all the UNIQUE entries in the agent.hostnames field. It should come back with...75 names!
is a there way to do this!?
Hey,
using aggregations is the way to go here. One way would be to use the cardinality aggregation (make sure to read the docs about this one being probabilistic) or use an terms aggregation if you interested in concrete values.
--Alex
Thank you for replying Alex. I will read the docs.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.