Help on a query with dev tools

Hi there, I'm trying to get the first occurrence of the logs containing a given {user_uuid + user_agent}, the objective being to retrieve my users' user_agent (both platform and string) at the time of the first connection.
I tried to do it using the data table visualization, but the most precise time interval with this tool is too broad (it says: "This interval creates too many buckets to show in the selected time range, so it has been scaled to 3 hours"), which prevents me from identifying logs associated with the account creation (the relevant log is mixed with other logs from the same time interval).
I think running a query using dev tools is the right way to proceed, but we don't have much experience with queries on Kibana, I'm afraid... Would someone have an idea regarding the query I should run?

FYI, here is a more concrete explanation of what I'm looking for (screenshot attached in the original post).

Thanks a lot in advance for your help!

Cheers,

Pierre-Philippe

hi @Pierre-Philippe

Use a top-hits aggregation https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-top-hits-aggregation.html

It's supported by a lot of visualizations, e.g. you can create a datatable or metric for the top-hit you are interested in.
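A concrete Dev Tools request of the kind Thomas describes, added here as an example rather than code from the original thread. It assumes an index pattern `logs-*`, a `keyword`-mapped field `user_uuid`, a date field `@timestamp`, and the user agent stored under `user_agent.platform` and `user_agent.original`; adjust those names to the actual mapping.

```json
{
  "size": 0,
  "query": {
    "range": { "@timestamp": { "gte": "now-30d", "lte": "now" } }
  },
  "aggs": {
    "by_user": {
      "terms": { "field": "user_uuid", "size": 1000 },
      "aggs": {
        "first_seen": {
          "top_hits": {
            "size": 1,
            "sort": [ { "@timestamp": { "order": "asc" } } ],
            "_source": {
              "includes": [
                "@timestamp",
                "user_uuid",
                "user_agent.platform",
                "user_agent.original"
              ]
            }
          }
        }
      }
    }
  }
}
```

Send it as `GET logs-*/_search` from the Dev Tools console; each `by_user` bucket then carries a single `first_seen` hit, the earliest log for that user and therefore the user agent recorded at the first connection. Narrowing the `range` filter up front keeps the number of `terms` buckets manageable and avoids the same scaling problem the data table visualization hits.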

Hey Thomas,

Thanks a lot for your answer. I must admit I looked at the visualization options but I didn't find it in the drop-down menu, so I guess you really have to use code to use that kind of aggregation. Nevertheless, I eventually managed to get the level of detail I was looking for by tightening the period of study, so I'm all good now.

Thanks for your help anyway!
