Group by and having max field

Elastic Stack Kibana
1

Hi I have a data in kibana as below

image
image1572×854 82.4 KB

What I am trying to do is to get the only journeyId.keyword 's which has max IndexInEntry

for example this is the response I want to get
c4ca5cfaedbfa3f6de4feb1590002c50 3
c9f6ddd6aa84641571f4cf8a02374d7c 5
d94eed3c8d138c4588ea4ff8cb1f0ce0 5
.
.
.
Is there a way to do it with kql ?
Also I am trying to do it by writing some filtering but couldnt make it.

image
image1486×618 57.6 KB

also this query dsl is not accepting

image
image817×448 18.8 KB

would be happy if I can get an idea about how to achieve this thanks in advance!

2

Hello,
yes, you can achieve it, but you need a tool for aggregating your data. Discover won't work here. Do you need an exact timestamp or only Id and max IndexInEntry? For example, solution in Lens: (Replace customer_id by JourneyId.keyword and products.base_price by IndexInEntry).

Screenshot 2022-03-24 at 11.50.29
Screenshot 2022-03-24 at 11.50.292174×1136 221 KB

If you need to also display a timestamp, that unfortunately is not possible here.

3

thanks for the answer Marta but yes I want not only timestamp but also other fields that doesnt exist in the ss :(. I want to visualize those information thats why I need to filter them as I want first but seems no chance.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.