Filter on bucket metric


(Saram Ali) #1

I want to filter the results of a count metric.
Suppose I want to show only the documents whose count is greater than x, less than x, or equal to x.


(Magnus Bäck) #2

It's not entirely clear what you want to do, but it sounds like you could use a conditional that wraps a drop filter.

if [count] <= x {
  drop { }
}

See https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html for details.


(Saram Ali) #3

I have been looking for the solution on the internet for quite a while and I'm still not sure whether it is possible in Kibana or not. Suppose I apply a filter on a term and it gives me the count of the respective terms, but I want the results to show only those terms where the count equals a specific value. Being more specific, I want to find out the number of tills which are the most busy (most number of transactions). Currently, when I apply a filter on term and count, it shows me all the tills with their respective transaction counts. What I want is to show only those tills where the count is equal to, let's say, 10. In other words, functionality similar to the HAVING clause in a relational DBMS. I have found a lot of workarounds for the same use case but I'm looking for a solution.


(Magnus Bäck) #4

Okay, so it's not a count field but a computed aggregated count similar to a HAVING clause in SQL. I don't see how you could do this in Logstash.

