Data Table timestamp on aggregation

(Robert Naccache) #1


Kind of stuck on this one so any help would be greatly appreciated.

Let's say my data looks like this:

monitoringtable: apples
value: 100
timestamp: 1-min-interval

monitoringtable: banana
value: 3000
timestamp: 1-min-interval

where monitoring table is any type of fruit, and every minute there is a record with the value.

What I'm currently trying to do is create a data table that shows for a specified duration (chosen from the time picker), what the max value was for each fruit for that time period.

I've used a filter bucket to filter out the monitoringtable (didn't use field because banana has an unreadable code of the sorts BA-N1-AA) and managed to get the max value, but I can't get the table to show a timestamp for when the max value occurred.

Something like:

Filter - Max Value - Time Occurred
banana - 1000 - Jan-03-2018

Is it possible to display such information?

Thanks a lot

(Thomas Neirynck) #2

hi @Robert_Naccache,

Do you have these documents indexed on the timestamp as a date-field? Your index-pattern also needs to be configured with a timestamp-field, otherwise the time-picker won't work.

Can you then try the following?

In Data-Table visualization,
  • under Buckets, select split rows, and select a Terms aggregation, and the field would be monitoringtable.

  • under Metrics, select the max metric and configure it for the value field.
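
The Terms + Max configuration from the reply above, written as an Elasticsearch request body, as an added example that is not part of the original thread. It goes one step beyond the reply by adding a `top_hits` sub-aggregation to recover the timestamp of the peak document. The aggregation names (`by_table`, `max_value`, `peak_doc`), the keyword mapping of `monitoringtable`, and the sample response are assumptions constructed for illustration.

```python
# Added example: field names (monitoringtable, value, timestamp) come from the
# question; aggregation names and the sample response are constructed.

def build_query(start, end, max_tables=50):
    """Request body: max of `value` per monitoringtable within [start, end]."""
    return {
        "size": 0,  # aggregations only, no raw hits
        "query": {"range": {"timestamp": {"gte": start, "lte": end}}},
        "aggs": {"by_table": {
            # Assumption: monitoringtable is mapped as a keyword field.
            "terms": {"field": "monitoringtable", "size": max_tables},
            "aggs": {
                "max_value": {"max": {"field": "value"}},
                # Highest-value document per bucket; ties resolve to the earliest.
                "peak_doc": {"top_hits": {
                    "size": 1,
                    "sort": [{"value": {"order": "desc"}},
                             {"timestamp": {"order": "asc"}}],
                    "_source": ["timestamp"],
                }},
            },
        }},
    }


def rows_from_response(resp):
    """Flatten the aggregation response into (table, max, peak timestamp) rows."""
    rows = []
    for bucket in resp["aggregations"]["by_table"]["buckets"]:
        hits = bucket["peak_doc"]["hits"]["hits"]
        peak_ts = hits[0]["_source"]["timestamp"] if hits else None
        rows.append((bucket["key"], bucket["max_value"]["value"], peak_ts))
    return rows


# Constructed response in the shape Elasticsearch returns for build_query().
SAMPLE_RESPONSE = {"aggregations": {"by_table": {"buckets": [
    {"key": "apples", "doc_count": 1440, "max_value": {"value": 100.0},
     "peak_doc": {"hits": {"hits": [
         {"_source": {"timestamp": "2018-01-03T09:15:00Z"}}]}}},
    {"key": "BA-N1-AA", "doc_count": 1440, "max_value": {"value": 3000.0},
     "peak_doc": {"hits": {"hits": [
         {"_source": {"timestamp": "2018-01-03T17:42:00Z"}}]}}},
]}}}

if __name__ == "__main__":
    for table, peak, ts in rows_from_response(SAMPLE_RESPONSE):
        print(f"{table} - {peak} - {ts}")
```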
