Group by field and remove a complete group if it contains a certain value in a second field

Hello there,
we are testing some Kibana use cases and of course I got some problems I'm not able to solve right now.

We are logging printed documents and their lifetime in JSON format. Each application (5 overall) the document passes sends a JSON message to Elasticsearch.
In a simplified view, we have as fields a doc_id, which is the unique identifier for a single document. Each JSON message from the applications contains this doc_id.
As a second field we have a field called outmode, which represents the application which the document has passed.

As example for a document lifecycle:
doc_id: 1234

Message from application 1 contains:
doc_id = 1234
outmode = application_1

Message from application 2 contains:
doc_id = 1234
outmode = application_2

Message from application 3 contains:
doc_id = 1234
outmode = application_3

Message from application 4 contains:
doc_id = 1234
outmode = application_4

Message from application 5 contains:
doc_id = 1234
outmode = application_5

The target is to see all documents which passed a certain number of applications, for example application_1 to application_3.
The documents which have proceeded further than application_3 should not be displayed.
The documents which have passed application_1 and application_2, but not application_3 should not be displayed as well.

For any additional information, don't hesitate to ask.
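The selection described in the post above, as an added example that is not part of the original post: it groups messages by `doc_id` and keeps a group only when its set of `outmode` values is exactly application_1 through the chosen last stage. It is plain Python over constructed sample messages, not a Kibana or Elasticsearch query; the function name `docs_stopped_at` and the sample doc_ids other than 1234 are assumptions.

```python
from collections import defaultdict


def _msgs(doc_id, stages):
    """Build constructed sample messages for one document (hypothetical helper)."""
    return [{"doc_id": doc_id, "outmode": f"application_{s}"} for s in stages]


# Constructed sample data, not taken from a real index.
MESSAGES = (
    _msgs("1234", [1, 2, 3, 4, 5])   # passed everything -> hidden for stage 3
    + _msgs("2001", [3, 1, 2])       # passed 1..3, arrived out of order
    + _msgs("2002", [1, 2])          # never reached application_3
    + _msgs("2003", [1, 2, 2, 3])    # duplicate message from application_2
    + _msgs("2004", [1, 3])          # application_2 message missing
)


def docs_stopped_at(messages, last_stage):
    """Return sorted doc_ids whose outmodes are exactly application_1..last_stage.

    A document is dropped as a whole group if it has any later outmode
    (it proceeded further) or lacks any required one (it did not get that far).
    """
    required = {f"application_{i}" for i in range(1, last_stage + 1)}

    # Group by doc_id; a set absorbs duplicates and arrival order.
    seen = defaultdict(set)
    for msg in messages:
        doc_id = msg.get("doc_id")
        outmode = msg.get("outmode")
        if doc_id is None or outmode is None:
            continue  # skip malformed messages instead of guessing
        seen[doc_id].add(outmode)

    # Set equality enforces both conditions from the post in one comparison.
    return sorted(d for d, modes in seen.items() if modes == required)


if __name__ == "__main__":
    print(docs_stopped_at(MESSAGES, 3))
```

The same idea carries over to an aggregation: bucket on `doc_id`, then discard whole buckets based on which `outmode` values they contain rather than filtering individual messages.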
