How to check if value of a field has changed over time

jchat · November 25, 2019, 10:32pm

I have two or more documents getting added to ES which may have same or different values.
Is there a way to identify the records when a value for a field has changed.
For example,
If I receive below two documents, I want to be able to select the latest record based on the updateTime field as the value for count field has changed..But if both the documents were added with same value for count field, I want to ignore that.

Any help would be greatly appreciated.

Thanks

{
"_index": "abc",
"_type": "abc",
"_id": "123",
"_version": 1,
"_score": null,
"_source": {
"name": "pqr",
"count": "1",
"updateTime": "2019-11-25T22:23:50+0000"
}

{
"_index": "abc",
"_type": "abc",
"_id": "456",
"_version": 1,
"_score": null,
"_source": {
"name": "pqr",
"count": "100",
"updateTime": "2019-11-25T22:23:45+0000"
}

nickpeihl · November 26, 2019, 4:14pm

Hi @jchat. I hoped this could be accomplished with a top hits aggregation and a bucket script aggregation, but I've run into a known limitation. https://github.com/elastic/kibana/issues/44294

Would you mind adding a comment to that issue specifying your need. Please be descriptive of your use case. That will help us decide how to implement this feature.

system · December 24, 2019, 4:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query to Check if a Value has Changed Kibana	1	925	July 6, 2017
Filter records with a change in a particular field during a period Kibana	4	270	July 6, 2021
Compare specific fields in two documents and show on dashboard if changed Kibana	2	1087	July 25, 2015
A new field with a value from the difference between the two existing fields Kibana	4	713	September 7, 2020
Filter documents if a field exists and report on the value of that field Kibana	3	1907	March 20, 2017

How to check if value of a field has changed over time

Related topics