I have an aggregation task which requires elasticsearch to aggregate the document count form different countries during most recent hour(round to current hour), and then compare the result to the same time range of yesterday.
I attempted to use Kibana table visualization to aggregate the count of top 5 countries, and the settings are as follows:
The aggregation result is as follows (count is hidden for privacy)
My question is, the top 5 of today, is not the top 5 of yesterday. Is there any setting to have all the top 5 countries of today , and aggregate the same 5 countries during this time range of yesterday?
I know if I aggregate enough countries, say 100 countries, I will most probably get the countries I need. But if I have to add sub buckets, then there will be much more complexity.
I noticed in Kibana Data Histogram, it aggregates on all the appeared countries in all time period (top 6 countries), instead of only the top 5 countries as I set.
