Hi, is it possible to somehow find a first-time-seen value, or a new value for a field, etc.? I would like to find on my dashboard only unknown values for a specific field (but sometimes I have like 200 values, so building a query is, I guess, not a good solution).
Can you elaborate?
What is "unknown values"?
If it's in the index it is known, no?!
Let's say it is like an IP address: I have some "known" IPs, and some day there will be a new IP address (which wasn't seen before, or in some period of time). I would like to know when that happens.
Again, not sure what you are after.
- You can count the number of IPs. Where count = 1 --> new IP.
- Also, you can check if a static lookup can be useful for you.
Elastic is not a prediction platform, so you cannot predict when an IP value enters the system.
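The checks mentioned in this thread, run side by side over a few constructed events (an added example, not code from any poster; the event list, `KNOWN_IPS` and all function names are assumptions). It goes slightly beyond the thread by also computing each value's earliest timestamp, so a value is reported as new only when its first occurrence falls inside the chosen window.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source IP); not data from the thread.
EVENTS = [
    ("2024-05-01T08:00:00", "10.0.0.5"),
    ("2024-05-02T09:30:00", "10.0.0.5"),
    ("2024-05-03T11:00:00", "10.0.0.7"),    # seen once, but days ago
    ("2024-05-09T23:50:00", "10.0.0.5"),
    ("2024-05-10T02:15:00", "192.0.2.44"),  # first seen inside the window
    ("2024-05-10T02:16:00", "192.0.2.44"),
    ("2024-05-10T03:00:00", "198.51.100.9"),
]
KNOWN_IPS = {"10.0.0.5", "10.0.0.7"}  # hypothetical static lookup list


def first_seen(events):
    """Map each value to the earliest timestamp at which it appears."""
    seen = {}
    for ts, ip in events:
        t = datetime.fromisoformat(ts)
        if ip not in seen or t < seen[ip]:
            seen[ip] = t
    return seen


def new_in_window(events, now, window):
    """Values whose first-ever occurrence falls inside [now - window, now]."""
    cutoff = now - window
    return sorted(ip for ip, t in first_seen(events).items() if cutoff <= t <= now)


def seen_once(events):
    """Values with count == 1 over the whole data set."""
    counts = Counter(ip for _, ip in events)
    return sorted(ip for ip, n in counts.items() if n == 1)


def not_in_lookup(events, known):
    """Values absent from the static lookup list."""
    return sorted({ip for _, ip in events} - set(known))


if __name__ == "__main__":
    now = datetime.fromisoformat("2024-05-10T06:00:00")
    print("first seen in last 24h:", new_in_window(EVENTS, now, timedelta(hours=24)))
    print("count == 1:", seen_once(EVENTS))
    print("not in lookup:", not_in_lookup(EVENTS, KNOWN_IPS))
```

On this sample the three checks return different sets: an old value that occurred once is flagged by the count check, while a value that appeared twice inside the window is only caught by the first-seen and lookup checks.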