I'm trying to do a visualization, of what I percieve to be quite a basic scenario, but I can't get it to work!
Each document have: clientId (string), timestamp, geohash.
I want to show a map of the LATEST location for each clientId, meaning:
Group by unique ClientId, get the max timestamp for each, show only these documents on the map.
Unfortunately, it looks like the coordinate map visualization is missing sub aggregations, so I'm not able to shape my data and aggregate it before showing it, like I can in other visualizations! Or can I?
Unfortunately you currently are not able to do this. What you are asking would require the possibility to show single documents on the map. We currently only have the possibility to show values aggregated by their location. Though we have currently efforts in improving our mapping capabilities and we hopefully can provide you with a solution to that problem in upcoming versions.
Is it possible somehow to run an elastic query to aggregate the results (something like a materialized view), and use THAT as a data source for the map visualization? Or any other workaround you can think of?
Thanks!
Tal
UPDATE: I read your answer again and I would like to rephrase the question: I understand that the map visualization shows documents aggregated by the location, so I will see multiple documents that are at the same location as 1 point. That's fine. But I would like to filter the documents I'm showing (unique client ids, maximum timestamp). Is it somehow possible (perhaps by using the advanced json input somehow) to specify a pre-filter for the documents that are shown and not use the raw documents (all of them) as the datasource?
I still guess it's not possible. You can filter the documents that go into aggregations, but what you basically need is joining over multiple documents (to find the once with the highest timestamp in each bucket). I am sorry, but I fear, that is even with advanced JSON input not possible to achieve something like this, since that would require multiple queries to execute in a chain (basically finding all those documents, and THEN doing the geo aggregation with only these documents). Kibana as it is currently, isn't meant to do those multiple chaining requests.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.