Hello,
I need some advice on how to proceed. I'm trying to visualize some trending I have from an asset discovery tool. Each time the asset is discovered, a new array element is added to the Elasticsearch document. Here is a sample of the data:
"asset": {
  "scan_history": [
    {
      "scan_time": "2024-01-13T02:21:08.448Z",
      "state": "active"
    },
    {
      "state": "remediated",
      "scan_time": "2024-02-10T03:17:28.275413292Z"
    }
  ]
}
I'm using an area graph, with a data histogram set to a 1M interval. I'd like to report on "state" for each month. For the months of January and February, I'm seeing a count of 1 active and 1 remediated for January and February.
Can anyone recommend the best way of moving forward to treat each array element individually vs. treating the array as a single bucket?
Thank you.
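Added example, not part of the original post: a plain-Python simulation of what the two Elasticsearch mappings do with the document above. Under the default `object` mapping the array is flattened into one list of `scan_time` values and one list of `state` values per document, so the pairing between a scan's time and its state is lost and the document lands in every month bucket with every state it has; under a `nested` mapping each element is indexed as its own hidden document and is bucketed by its own `scan_time` only. The last two functions return the index mapping and the search body (`nested` aggregation wrapping a `date_histogram` with a `terms` sub-aggregation) that produce the per-element counts in Elasticsearch itself. Field names follow the post; the sample document is constructed from it.

```python
"""Per-element vs per-document bucketing of an array of objects (added example)."""
from collections import defaultdict

# Constructed sample document, same shape as the one in the post.
DOC = {
    "asset": {
        "scan_history": [
            {"scan_time": "2024-01-13T02:21:08.448Z", "state": "active"},
            {"scan_time": "2024-02-10T03:17:28.275413292Z", "state": "remediated"},
        ]
    }
}


def month_of(scan_time):
    """'2024-01-13T02:21:08.448Z' -> '2024-01', the key of a 1M date_histogram bucket."""
    return scan_time[:7]


def flatten_object_fields(doc, prefix=""):
    """Mimic the default `object` mapping: every leaf becomes a flat field holding a
    list of values, so the pairing between scan_time and state inside one element is lost."""
    fields = defaultdict(list)
    if isinstance(doc, dict):
        for key, value in doc.items():
            for name, values in flatten_object_fields(value, f"{prefix}{key}.").items():
                fields[name].extend(values)
    elif isinstance(doc, list):
        for item in doc:
            for name, values in flatten_object_fields(item, prefix).items():
                fields[name].extend(values)
    else:
        fields[prefix.rstrip(".")].append(doc)
    return dict(fields)


def buckets_object_mapping(docs):
    """date_histogram(scan_time) > terms(state) over flattened documents.
    A document lands in every month any of its scan_time values falls in, and the terms
    sub-aggregation then counts every state value the document has in each such bucket."""
    counts = defaultdict(lambda: defaultdict(int))
    for doc in docs:
        flat = flatten_object_fields(doc)
        for month in {month_of(t) for t in flat["asset.scan_history.scan_time"]}:
            for state in flat["asset.scan_history.state"]:
                counts[month][state] += 1
    return {month: dict(states) for month, states in counts.items()}


def buckets_nested_mapping(docs):
    """Same aggregation under a `nested` mapping: each scan_history element is its own
    hidden document, so it is bucketed by its own scan_time and counted with its own state."""
    counts = defaultdict(lambda: defaultdict(int))
    for doc in docs:
        for entry in doc["asset"]["scan_history"]:
            counts[month_of(entry["scan_time"])][entry["state"]] += 1
    return {month: dict(states) for month, states in counts.items()}


def nested_mapping():
    """Index mapping that keeps the array elements apart. `date` stores millisecond
    precision, which is enough for monthly buckets (use `date_nanos` to keep the rest)."""
    scan_history = {
        "type": "nested",
        "properties": {"scan_time": {"type": "date"}, "state": {"type": "keyword"}},
    }
    return {"mappings": {"properties": {"asset": {"properties": {"scan_history": scan_history}}}}}


def per_month_state_aggregation():
    """Search body: nested > date_histogram(1M) > terms(state), giving one count per
    (month, state) pair for each element rather than for each document."""
    by_state = {"terms": {"field": "asset.scan_history.state"}}
    per_month = {
        "date_histogram": {"field": "asset.scan_history.scan_time", "calendar_interval": "1M"},
        "aggs": {"by_state": by_state},
    }
    return {
        "size": 0,
        "aggs": {"scans": {"nested": {"path": "asset.scan_history"}, "aggs": {"per_month": per_month}}},
    }


if __name__ == "__main__":
    print("object mapping:", buckets_object_mapping([DOC]))
    print("nested mapping:", buckets_nested_mapping([DOC]))
```

Changing a field from `object` to `nested` requires reindexing, since the mapping type of an existing field cannot be changed in place.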