I'm having trouble trying to implement a filter in Kibana visualization that shows unique counts of a string within certain time periods.
I want to show the unique count of a field in a date range of 0-7 days, and then the unique count of that same field for anything after 8+ days minus values that have already appeared in 0-7 days. In other words, I want to show subset A and subset B but not values that are of A and B using date as the criteria.
Using NOT on a date range does not seem to work. Seems like a simple logic problem but I am struggling. Any suggestions?
@infamous Elasticsearch doesn't support this type of query, and has limited join support
You can get pretty close to what you're looking for using a bar graph with the following configuration, but it's not excluding items from the 8+ days group that have appeared in the 0-7 days group:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
