Elasticsearch raw events

So we have to create visualizations on raw event data in Elasticsearch. The data would include all the stages for that data in the same index, for historical purposes. The question is, how do we look at the data and get only the most recent one for each document in the visualization?

Hi, welcome to the forums! The answer to this depends on exactly how you construct your query. Here are the general options:

  • If you want a table that shows individual documents (no deduplication), then use Discover to configure your table and save it. This can be added to dashboards.

  • If you want to deduplicate using some kind of unique key, then you can do this using a data table visualization. You would use a Terms aggregation to get the unique values, and then a Top Hits metric to get the most recent value for any field.

  • If you want to visualize this as a non-table visualization, like a bar chart, then you do the same thing with the Terms + Top Hits setup, but with numeric values only.

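The Terms + Top Hits pattern from the reply, written out as the query body you would send to Elasticsearch, with a small offline reducer that applies the same "newest document per key" rule to a few constructed events so the result can be checked without a cluster. This is an added example, not code from the thread or from Elastic; the field names `event.id`, `stage`, `severity` and `@timestamp` are assumptions about what the raw events look like.

```python
"""Added example: deduplicate raw Elasticsearch events by a unique key,
keeping only the most recent document per key (Terms + Top Hits).

Assumed (hypothetical) document shape: each event carries a unique key in
`event.id`, a `stage` string, a numeric `severity`, and a `@timestamp`.
"""
from datetime import datetime

KEY_FIELD = "event.id"   # assumed: a keyword field identifying the logical event
TS_FIELD = "@timestamp"  # assumed: a date field


def latest_per_key_query(key_field=KEY_FIELD, ts_field=TS_FIELD,
                         max_keys=1000, fields=None):
    """Build the aggregation body: one terms bucket per key, and inside
    each bucket a top_hits metric that returns only the newest document."""
    top_hits = {
        "size": 1,                                   # keep a single hit per key
        "sort": [{ts_field: {"order": "desc"}}],     # newest first
    }
    if fields:
        top_hits["_source"] = {"includes": fields}   # trim the returned source
    return {
        "size": 0,  # no raw hits at the top level, only aggregation results
        "aggs": {
            "by_key": {
                "terms": {"field": key_field, "size": max_keys},
                "aggs": {"latest": {"top_hits": top_hits}},
            }
        },
    }


# Constructed sample events: one logical event written once per stage.
SAMPLE_EVENTS = [
    {"event.id": "a1", "stage": "new",     "severity": 3, "@timestamp": "2024-01-01T10:00:00Z"},
    {"event.id": "a1", "stage": "triaged", "severity": 5, "@timestamp": "2024-01-01T11:00:00Z"},
    {"event.id": "a1", "stage": "closed",  "severity": 5, "@timestamp": "2024-01-01T12:30:00Z"},
    {"event.id": "b2", "stage": "new",     "severity": 2, "@timestamp": "2024-01-01T10:30:00Z"},
    {"event.id": "b2", "stage": "triaged", "severity": 4, "@timestamp": "2024-01-01T10:45:00Z"},
    {"event.id": "c3", "stage": "new",     "severity": 1, "@timestamp": "2024-01-02T09:00:00Z"},
]


def _parse_ts(value):
    # Accept the trailing 'Z' on every supported Python version.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def latest_per_key(docs, key_field=KEY_FIELD, ts_field=TS_FIELD):
    """Offline equivalent of the aggregation above: keep the newest document
    per key. Timestamps are compared as datetimes, not as strings."""
    latest = {}
    for doc in docs:
        ts = _parse_ts(doc[ts_field])
        key = doc[key_field]
        if key not in latest or ts > latest[key][0]:
            latest[key] = (ts, doc)
    return {key: doc for key, (_, doc) in latest.items()}


def parse_top_hits_response(resp):
    """Flatten a response to latest_per_key_query into {key: source}.
    Walks the standard terms -> buckets -> top_hits -> hits.hits layout."""
    out = {}
    for bucket in resp["aggregations"]["by_key"]["buckets"]:
        hits = bucket["latest"]["hits"]["hits"]
        if hits:
            out[bucket["key"]] = hits[0]["_source"]
    return out


if __name__ == "__main__":
    import json
    print(json.dumps(latest_per_key_query(fields=["stage", "severity"]), indent=2))
    for key, doc in latest_per_key(SAMPLE_EVENTS).items():
        print(key, doc["stage"], doc["severity"], doc["@timestamp"])
```

Two caveats when moving this into a real index: a terms aggregation needs a keyword (not analyzed text) field for the key, so with dynamic mapping the field is usually `event.id.keyword`; and the terms `size` caps how many keys are returned, so a dashboard over more distinct keys than that is silently truncated unless you raise the limit or switch to a composite aggregation and page through it.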

Hello, thank you for the reply. So I went over the options that you specified. The ultimate goal is to create visualizations on this de-duplicated data. So I tried option 3, but like you said it only works with numeric values. Because of that I do not think I will be able to do that, as there are a lot of fields that I need to use.