Displaying Clusters of Last Hits on Kibana Maps

TL;DR: Is there a way to configure Kibana maps to display clusters based only on the last hits for each entity, rather than aggregating all hits over the selected timeframe?

Hello Elastic Community

I'm currently working on a project where I need to visualize the last hits for certain entities on Kibana maps. I've successfully used the 'Last Hit Layer' to show these last hits. However, I'm facing a challenge with clustering these last hits.

Ideally, I want to see clusters of just these last hits. Currently, the 'Clusters Layer' in Kibana maps aggregates all hits over the selected time frame, which doesn't fit my requirement as I only need to cluster the last hits.

Is there a way to configure the map to show clusters based solely on the last hits for each entity? Any guidance or workaround to achieve this would be greatly appreciated.

Thank you in advance for your assistance!

That is not supported by the Maps application at this moment.

I'm unsure if you can combine the top hits metric agg with a geo-tile bucket agg and put all together on a Vega visualization where you have the liberty to set up your own custom query.

My bet, though (also for performance reasons), would rather go on setting up a Latest Transform that generates a side index with your latest documents per entity, and then render that one as a regular cluster layer in Maps.

The transform idea was great, exactly what I needed. Thank you very much!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.