We are using an aggregation-based Kibana table that displays a bunch of users who had poor calls and where the majority of those poor calls took place, etc. (the user is set as the bucket).
For each user, we would like to display the "top" location, call type and connection type used for those poor calls.
I initially thought that we could use the "top hit" aggregation to display the most recurring document for each of those fields, but I think it's only displaying the most recent document for each of those fields.
I believe you are looking for an additional bucket in your scenario.
If you add a second bucket where you split the row on the location, you'll get something like this:

| user | count | location | location type | etc |
|------|-------|----------|---------------|-----|
| john | 5     | Chicago  | alpha         | x   |
| john | 3     | NY       | alpha         | x   |
| mary | 3     | LA       | alpha         | x   |

Where john has a total of 5+3=8 counts and was most observed in the Chicago location.
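
The difference between a most-frequent value and a most-recent document, per user, as an added example that is not part of the original thread: `build_query` produces an Elasticsearch search body with a size-1 `terms` sub-aggregation per field under each user bucket, and the two local functions reproduce both behaviours on constructed data. The field names (`user`, `location`, `call_type`, `connection_type`, `ts`) and the sample documents are assumptions.

```python
from collections import Counter

# Field names are assumptions for illustration; use the index's own keyword fields.
FIELDS = ["location", "call_type", "connection_type"]

def build_query(user_field="user", fields=FIELDS, max_users=50):
    """Search body: one bucket per user, and inside it a size-1 terms
    sub-aggregation per field, i.e. that user's most frequent value."""
    subs = {f"top_{f}": {"terms": {"field": f, "size": 1}} for f in fields}
    return {"size": 0, "aggs": {"per_user": {
        "terms": {"field": user_field, "size": max_users}, "aggs": subs}}}

def most_frequent(docs, fields=FIELDS):
    """Local equivalent of the size-1 terms sub-aggregations."""
    counts = {}
    for d in docs:
        per_user = counts.setdefault(d["user"], {f: Counter() for f in fields})
        for f in fields:
            per_user[f][d[f]] += 1
    return {u: {f: c[f].most_common(1)[0][0] for f in fields}
            for u, c in counts.items()}

def most_recent(docs, fields=FIELDS):
    """Values of each user's newest document, which is what a top-hits
    metric sorted by timestamp descending returns."""
    latest = {}
    for d in docs:
        if d["user"] not in latest or d["ts"] > latest[d["user"]]["ts"]:
            latest[d["user"]] = d
    return {u: {f: d[f] for f in fields} for u, d in latest.items()}

def _doc(user, ts, location, call_type):
    return {"user": user, "ts": ts, "location": location,
            "call_type": call_type, "connection_type": "wifi"}

# Constructed sample matching the answer's table: john 5x Chicago then 3x NY, mary 3x LA.
DOCS = ([_doc("john", t, "Chicago", "audio") for t in range(1, 6)]
        + [_doc("john", t, "NY", "video") for t in range(6, 9)]
        + [_doc("mary", t, "LA", "audio") for t in range(9, 12)])

if __name__ == "__main__":
    print(build_query())
    print("most frequent:", most_frequent(DOCS))
    print("most recent:  ", most_recent(DOCS))
```

Each user bucket in the response then carries one bucket per field, so the table keeps a single row per user instead of one row per user and location.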