Hi Team,
I have created an index with information like userid, name, loglevel (ERROR,WARN,DEBUG), logtime and the logmessage.
I wanted to know which user has got the maximum error count. I am able to create the kibana query.
GET testmetrics/_search
{
"size": 0,
"query": {
"match": {
"level": "ERROR"
}
},"aggs": {
"useraggs": {
"terms": {
"field": "user.keyword",
"order": {
"_count": "desc"
},"size": 1
}
}
}
}
How do I achieve the same in Visualization in Kibana.
Thanks
Loki
Hey @eswarloges,
You can achieve it using Data Table visualisation. Choose Count from the Metrics section and in Buckets select Split Rows -> Terms (in Aggregation). Next select the user as the field and select the other options as required. Finally add a filter(use the + Add a filter option just below the search box) with the field as Level and value as ERROR. Apply the changes to generate the data table.
Regards
I want to display the metric only for the user with highest ERROR.
This is what I did.
In kibana visualization
I am getting 3 metrics as a result
But I want to display only the user with maximum value ie User1
Thanks,
Loki
There's a size option in the query. If you set it to "1," does that give you what you're looking for?
It worked. Thanks all 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.