How to aggregate by value and get latest results

AClerk · November 5, 2019, 4:07am

Hi,
I am trying to build a table visualisation to show all clusters in storage.
In my specific example, I am expecting to have only 2 clusters, as there are only 2 unique cluster IDs.
I am not able to aggregate and get the latest results only.
How should that be done?
I tried by

Metric Aggregation: Top Hit
Field: Cluster_id
Aggregate with: concatenate
Size: 1
Sort on: @timestamp
Order: Descending

Also tried to get MAX timestamp, and all kind of try and error, with no luck.

Currently, the records are duplicated, and I don't know why.
I would like to see the records marked in red and only those.

Cheers!

Marius_Dragomir · November 18, 2019, 5:19pm

What are you using for the split in the table? It should work with a Terms aggregation on the cluster ID field.

AClerk · November 24, 2019, 9:58pm

@Marius_Dragomir
Not sure I understand the question.
I split the table with the properties I want to show.

Anyhow,
For now, my workaround/solution is to take the Max timestamp of the doc.
Then Split the table with the fields to show and aggregate by Max(timestamp)
Seems to work for now.

Cheers!

system · December 22, 2019, 9:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana data table with the aggregations only on the latest records Kibana	3	1228	February 4, 2019
How to aggregate data by an field? Elasticsearch	5	4936	July 5, 2017
Data Table Visualization :: Autosort and Display only Top N? Kibana	4	865	December 10, 2019
Issues utilizing Top Hit aggregation Kibana	0	60	July 2, 2024
Visualizing log files in table Kibana	8	2041	May 9, 2019

How to aggregate by value and get latest results

Related topics