Counting faults per region given there are no repeats

I'm planning on having live data streaming to Kibana on Elasticsearch. The fields of concern will be "failure" (0 or 1), region (e.g. regions 1-12) and a unique endpoint identifier. What I'd like to do is have a query which counts failures per region without counting the same endpoint more than once. I could then adjust this to 5 minute intervals and then graph it as multiple lines per region if the query is feasible. I'd really appreciate any help with this as I'm very new to Kibana and Elasticsearch :). Thank you!

Hey @ammaars,

I think you may be able to accomplish what you want with a pipeline aggregation.

See my screenshots using the sample data that ships with Kibana. I'm using hour_of_day: 17, but you could use something like failure: 1 instead, and regions instead of DestCountry. I'm using Max to ensure that each country is only getting counted once per time window.

Is this helpful?
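As an added example (not code from the thread or from Elastic), the query below expresses the "each endpoint counted once per region per 5 minute window" requirement directly in the Elasticsearch query DSL: a `term` filter on `failure: 1`, a `date_histogram` with a 5 minute `fixed_interval`, a `terms` bucket per region, and a `cardinality` aggregation on the endpoint identifier inside each bucket, which is the approximate distinct count that a plain doc count or value_count does not give. The field names `@timestamp`, `failure`, `region` and `endpoint_id` are assumptions; the sample documents are constructed. The second function is an exact local re-implementation of the same bucketing so the logic can be checked offline against the sample data, and the third shows the naive doc count it replaces.

```python
"""Distinct-endpoint failure counts per region per 5 minute window.

Added example, not from the Elastic Discuss thread. Field names
@timestamp, failure, region and endpoint_id are assumptions.
"""
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 300  # 5 minute buckets


def build_query(window="5m", precision_threshold=3000):
    """Elasticsearch query DSL: only failure == 1 documents, bucketed by a
    5 minute date_histogram and then by region, with a cardinality
    aggregation (HyperLogLog++ distinct count) of endpoint_id per bucket.
    Counts below precision_threshold are near exact; above it they are
    approximate, so raise the threshold (max 40000) if a region can have
    more failing endpoints than that in one window."""
    return {
        "size": 0,
        "query": {"term": {"failure": 1}},
        "aggs": {
            "per_window": {
                "date_histogram": {"field": "@timestamp", "fixed_interval": window},
                "aggs": {
                    "per_region": {
                        "terms": {"field": "region", "size": 12},
                        "aggs": {
                            "failing_endpoints": {
                                "cardinality": {
                                    "field": "endpoint_id",
                                    "precision_threshold": precision_threshold,
                                }
                            }
                        },
                    }
                },
            }
        },
    }


def _window_start(timestamp):
    """Epoch second of the 5 minute bucket containing an ISO 8601 UTC timestamp."""
    ts = datetime.fromisoformat(timestamp.replace("Z", "+00:00"))
    return int(ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS


def count_failing_endpoints(docs):
    """Exact local equivalent of the aggregation above, for checking the
    logic on sample data: {window_start_epoch: {region: distinct endpoints}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for doc in docs:
        if doc["failure"] != 1:
            continue
        seen[_window_start(doc["@timestamp"])][doc["region"]].add(doc["endpoint_id"])
    return {w: {r: len(ids) for r, ids in regions.items()} for w, regions in seen.items()}


def naive_failure_counts(docs):
    """What a plain doc count of failure == 1 per window and region returns:
    a flapping endpoint is counted once per document, not once per endpoint."""
    counts = defaultdict(lambda: defaultdict(int))
    for doc in docs:
        if doc["failure"] == 1:
            counts[_window_start(doc["@timestamp"])][doc["region"]] += 1
    return {w: dict(regions) for w, regions in counts.items()}


# Constructed sample data: 2024-01-01T00:00:00Z is epoch 1704067200, an exact
# multiple of 300, so the first window starts there and the second at +300.
SAMPLE_DOCS = [
    {"@timestamp": "2024-01-01T00:00:10Z", "failure": 1, "region": 1, "endpoint_id": "ep-a"},
    {"@timestamp": "2024-01-01T00:01:10Z", "failure": 1, "region": 1, "endpoint_id": "ep-a"},  # repeat, counted once
    {"@timestamp": "2024-01-01T00:02:10Z", "failure": 1, "region": 1, "endpoint_id": "ep-b"},
    {"@timestamp": "2024-01-01T00:03:10Z", "failure": 0, "region": 1, "endpoint_id": "ep-c"},  # not a failure
    {"@timestamp": "2024-01-01T00:04:10Z", "failure": 1, "region": 2, "endpoint_id": "ep-a"},  # same id, other region
    {"@timestamp": "2024-01-01T00:06:10Z", "failure": 1, "region": 1, "endpoint_id": "ep-a"},  # next window
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_query(), indent=2))
    print("distinct:", count_failing_endpoints(SAMPLE_DOCS))
    print("naive:   ", naive_failure_counts(SAMPLE_DOCS))
```

For the Kibana line chart this maps onto a Lens or TSVB visualization with the same three pieces: a KQL filter `failure: 1`, a date histogram on the time field split by region, and "Unique count" of the endpoint identifier as the metric. The `fixed_interval` parameter requires Elasticsearch 7.2 or later; older versions use `interval`.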
