This could be more than just Kibana 4, but that's where I want to do it. I love doing pivot tables to quickly drill through a result set, especially with multiple charts on the same dashboard where I can peer into my datasets. One thing that's really missing is an aggregation on datetime types for min and max. Typically, I call these first heard, last heard, respectively.
For a simple use case, I have logstash forwarding logs of http activity. I'd like to be able to group the activity by maybe user agent and split by host header. I'd like to know the count of this selection, then sub by first heard, then last heard.
I can use this information to detect the earliest time of malware with a specific user agent, for example.
Any ideas? Can this be done with a custom query in Kibana? Feature request for 4.1?
