How to find unique values of a field in a data table

keya · June 16, 2016, 7:11pm

Hi,
I have created a data table in Kibana. I would like to see the unique values in each field so that I can select a particular value and filter all data for that value. Is there a way to do this in Kibana?

Thanks.

luis · June 17, 2016, 1:10pm

Hi,
you can add the field in as a bucket and you'll see all of its values in the table or you can simply go back to your discover tab and see the value there.
To filter your table for that value, add a bucket (or sub-bucket) as 'split rows', in 'sub aggregation' select 'filter' and on the filter space write your restriction, for example, age=20 if you only want lines where the age field is 20

keya · June 17, 2016, 3:17pm

I have already created a data table for logs and added multiple buckets using the 'split rows' in 'sub-aggregation' that you mentioned. One of the 'terms' in my data is "level" which indicates the level of error. It can have values like info, debug, error, trace, etc. In my table there is a lot of data for level info, so first page is populated with only value info. Now I want to know which are the unique values in that 'level' column. Is there any way to find that out?
I cannot find any way to do it? Is it a limitation of Kibana?

Thanks.

luis · June 17, 2016, 3:29pm

On metrics select Aggregation : Count
Then try having one single bucket as:
Aggregation : Terms
Field : Level
Order by : Term

Then increase the size to make sure you have all the different possibilities for level. Like this you'll hava a list of all the types of level

keya · June 17, 2016, 3:44pm

But this way I will only be able to see the types of error levels and their count. My question is, in a data table with multiple buckets is there a way to see only unique values of a particular column say 'level' without the count so that I can filter on it and view all data related to it.
When I have multiple buckets, I want to click on the level column and filter all data related to error level "debug". How can I do that?

luis · June 17, 2016, 4:41pm

I think you need to do that value by value of level, meaning that you need to configure your filter (in the 'level' bucket) as 'level=debug'

keya · June 17, 2016, 4:55pm

But in case I don't know what values are there in the level type, then how can I filter?
First I want to know which are the unique values, after I know the unique values then I want to decide on which type to filter.
Also, I want to do this on a dashboard, so that end user does not have to create any table to find the unique values.