Group by kibana Query

chamod_maduranga · June 8, 2022, 2:28am

I have fields ID, Type, Count and timestamp as follows:

{ "ID": "15211", "Type": "C", "count": "17", "timestamp": "Jun 3, 2022 @ 12:26:34.000",....},
{ "ID": "11243", "Type": "C", "count": "64", "timestamp": "Jun 1, 2022 @ 11:16:34.000",....},
{ "ID": "11245", "Type": "B", "count": "127", "timestamp": "Jun 4, 2022 @ 09:46:34.000",....},
{ "ID": "159392", "Type": "A", "count": "63", "timestamp": "Jun 5, 2022 @ 04:22:34.000",....},
{ "ID": "123434", "Type": "B", "count": "567", "timestamp": "Jun 1, 2022 @ 11:35:34.000",....},

I would like to get the latest(based on timestamp) data for each "Type"

{ "Type": "C", "Count": ["17"],"ID": "15211",,"timestamp": "Jun 3, 2022 @ 12:26:34.000"}
{ "Type": "B", "Count": ["127"],"ID": "11245",,"timestamp": "Jun 4, 2022 @ 09:46:34.000"}
{ "Type": "A", "Count": ["17"],"ID": "15211",,"timestamp": "Jun 3, 2022 @ 12:26:34.000"}

What is the best way to do something like this in OpenSearch, Kibana?

system · June 8, 2022, 2:28am

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

Tomo_M · June 8, 2022, 9:08am

Duplicated posts?

system · July 6, 2022, 9:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.