I am trying to create a report in Kibana to show all entries with zero count older than 60 days. I can create a filter to get the time range, but Kibana is not showing any records with zero count. I can't find any option to enable this.
is this feasible?
Can you expand more on this so that I can understand better what you need?
Do you have a field that is 0 or do you want to see all the days when there was no document ingested in that day?
I have a system that reports build events. One entry in ELasticSearch per build with summary data. Each build is performed against a profile. I would like to report every profile which has no build events within the last 60 days.
My X-Axis is Terms, with the field being the profile name. The Y-AXIS is Count aggregation. Kibana shows any entry with a count of 1 or more. I want to show only those terms with a count of zero.
I do not think it is possible to display only the ones with no documents. What you could do and still get your reports, would be to create a watch that looks for count < 1 over the last 60 days in the buckets split with a Terms aggregation on the "profile" field. If you don't have that many profiles, you could create a watch for each of them, which would be a lot safer. You have some example watches here: https://www.elastic.co/guide/en/x-pack/6.2/watching-meetup-data.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.