How to aggregate by value and get latest results

AClerk · November 5, 2019, 4:07am

Hi,
I am trying to build a table visualisation to show all clusters in storage.
In my specific example, I am expecting to have only 2 clusters, as there are only 2 unique cluster IDs.
I am not able to aggregate and get the latest results only.
How should that be done?
I tried by

Metric Aggregation: Top Hit
Field: Cluster_id
Aggregate with: concatenate
Size: 1
Sort on: @timestamp
Order: Descending

Also tried to get MAX timestamp, and all kind of try and error, with no luck.

Currently, the records are duplicated, and I don't know why.
I would like to see the records marked in red and only those.

Cheers!

Marius_Dragomir · November 18, 2019, 5:19pm

What are you using for the split in the table? It should work with a Terms aggregation on the cluster ID field.

AClerk · November 24, 2019, 9:58pm

@Marius_Dragomir
Not sure I understand the question.
I split the table with the properties I want to show.

Anyhow,
For now, my workaround/solution is to take the Max timestamp of the doc.
Then Split the table with the fields to show and aggregate by Max(timestamp)
Seems to work for now.

Cheers!

system · December 22, 2019, 9:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana data table with the aggregations only on the latest records Kibana	3	1283	February 4, 2019
Last value of a series kibana Kibana	3	1904	July 25, 2019
Could you please comment if the new aggregation module will solve my use case? Elasticsearch	2	367	July 6, 2017
Return a different field than the aggregated field Elasticsearch	3	973	July 5, 2017
Data table with a complex Top Hit Kibana	8	4045	December 27, 2017

How to aggregate by value and get latest results

Related topics