Calculate count based on the latest document

Suppose we have log files with the following structure:

Doc 1:
Recieved_at Risk

"2019-06-26T20:32:57.008Z", "High", "VULN1"
"2019-06-26T20:32:57.008Z", "High", "VULN2"
"2019-06-26T20:32:57.008Z", "Meduim", "VULN3"
"2019-06-26T20:32:57.008Z", "Low", "VULN4"
"2019-06-26T20:32:57.008Z", "Low", "VULN5"

Doc 2: (the latest version of the same doc)
Recieved_at Risk

"2019-16-26T20:32:57.008Z", "High", "VULN1"
"2019-16-26T20:32:57.008Z", "Meduim", "VULN3"
"2019-16-26T20:32:57.008Z", "Low", "VULN4"
"2019-16-26T20:32:57.008Z", "Low", "VULN5"

The two documents are periodically generated from a vulnerability scanner, and they are related to the same target.

I've managed to parse and import those reports to ELK using Logstash filters, and now I'm looking for a way to create a visualization (risk dashboard) based on the latest generated report.

I tried to use the count metric, but I don't have control over the date/time parameter.

Is there any possibility to do that?
