How can I represent the most recurring document in a Kibana table?

KristinaRaja · September 18, 2023, 6:46pm

We are using an aggregated based kibana table that displays a bunch of users who had poor calls and where the majority of those poor calls took place, etc...(the user is set as the bucket).

For each user, we would like to display the "top" location, call type and connection type used for those poor calls.

I initially thought that we could use the "top hit" aggregation to display the most recurring document for each of those fields but I think it's only displaying the most recent document for each of those fields.

Is there a way to achieve what we want to do?

sholzhauer · September 19, 2023, 7:32pm

I believe you are looking for an additional bucket in your scenario.
If you add a second bucket where you split the row on the location you'll get something like this:

user	count	location	location type	etc
john	5	Chigago	alpha	x
john	3	NY	alpha	x
mary	3	LA	alpha	x

Where john has a total of 5+3=8 counts and was the most observer in the chicago location.

Is this what you are looking for?

KristinaRaja · September 21, 2023, 1:44pm

This brings me closer to what I was trying to achieve, thanks!