How do I count and visualize only latest doc based on certain field?

Doron_Abramovich · September 20, 2023, 12:24pm

Hi everyone
First post here after working for over year with elastic.

I have an index with docs representing items moving from station to station, each doc represents a station.

For example - an item moved between two station will have two docs (random id's):

{
          "sn": "N00000000000",
          "process_id": "0001",
          "process_name": "distance",
          "station_name": "LAPTOP-999",
          "user": "doron",
          "logged": "2023-09-19T14:09:49.342013+03:00"
}
{
          "sn": "N00000000000",
          "process_id": "0002",
          "process_name": "flow",
          "station_name": "LAPTOP-999",
          "user": "doron",
          "logged": "2023-09-20T11:04:12.342013+03:00"
}

I am trying to do a simple metric box in the kibana dashboard to show how many items are in each station, but I want to exclude the ones that already moved to the next station.

That means I'm trying to use count for a sub data only contains the latest occurrence of each "sn"

In our example case, The count boxes will be:
Distance: 0
Flow: 1

Please let me know if you further questions!
I have been stuck on this for a while and really like to understand how to do such a thing generally

Thanks alot!,
Doron

sholzhauer · September 20, 2023, 12:36pm

Hi, you can utilize the transform feature to get to your desired result.

If you created a latest transform on your data with a group_by on the item id the result will be an index with a single document per item.

This index can then be used as your source data to create the visualizations you need.

Doron_Abramovich · September 20, 2023, 12:54pm

Amazing!
Worked and was easier then I thought

Don't understand how I missed it after so many searches in Google haha

Glad I posted here and thanks a lot!

system · October 18, 2023, 12:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.