Kibana charts with only latest entry

I am using Kibana 4.0 and Elasticsearch 1.5.
I want to get the latest set of documents if there are identical documents.
Is it possible?
E.g., this is my set of documents.

{"Name": "Sunil", "Org":"xyz" }
{"Name": "Sunil", "Org":"xyz"}
{"Name": "Mohan", "Org":"abc" }

Here you can see that the first two documents are identical. So in the Kibana chart, is it possible to consider only one of these entries? I.e., the document {"Name": "Sunil", "Org":"xyz" } should be plotted only once.

Kindly guide.

Thanks & Regards
Sunil

That's not currently possible, feel free to raise a feature request though 🙂

I had the same problem with "status-logs" of some components.

{"Name":"CompA", "Timestamp":"November 27th 2015, 10:08:03.443", "Status":"False"}
{"Name":"CompB", "Timestamp":"November 27th 2015, 10:08:05.673", "Status":"True"}
{"Name":"CompA", "Timestamp":"November 27th 2015, 10:08:08.245", "Status":"True"}
{"Name":"CompC", "Timestamp":"November 27th 2015, 10:08:11.862", "Status":"True"}

You see "CompA" was updated to True, so my False Status isn't important for me.

I solved that problem with the "Type" at Elasticsearch ...
I wanted the "Name" to become a primary key and tried this in my logstash config:

output { elasticsearch { index => "komponents" document_id => "%{Name}" } }

So every time a log with an existing name appears, Elasticsearch will make a new "Version" of this log and the old one is no longer in your search/visualization.

Was that your problem?

1 Like
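
As an added example (not code from either poster or from Elastic), this Python script applies the `document_id` idea from the reply above to the thread's sample documents, and goes one step further by hashing the whole document for the original question, where no single field is a natural key. The `logs` type name and all function names are assumptions; the sample documents are constructed from the posts.

```python
import hashlib
import json

# Constructed sample data, copied from the two posts above (timestamps omitted).
PEOPLE = [{"Name": "Sunil", "Org": "xyz"}, {"Name": "Sunil", "Org": "xyz"},
          {"Name": "Mohan", "Org": "abc"}]
STATUS = [{"Name": "CompA", "Status": "False"}, {"Name": "CompB", "Status": "True"},
          {"Name": "CompA", "Status": "True"}, {"Name": "CompC", "Status": "True"}]


def doc_id(doc, key_fields=None):
    """Deterministic _id: the chosen key fields, else a hash of the whole document."""
    if key_fields:
        return "|".join(str(doc[f]) for f in key_fields)
    canonical = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def bulk_body(docs, index, doc_type=None, key_fields=None):
    """Build a _bulk request body (NDJSON) whose index actions carry explicit _ids."""
    lines = []
    for doc in docs:
        meta = {"_index": index, "_id": doc_id(doc, key_fields)}
        if doc_type:  # mapping types exist on Elasticsearch 1.x, as used in the thread
            meta["_type"] = doc_type  # "logs" below is a hypothetical type name
        lines.append(json.dumps({"index": meta}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def simulate_index(docs, key_fields=None):
    """Model the resulting index: one entry per _id, last write wins, version bumps."""
    state = {}
    for doc in docs:
        _id = doc_id(doc, key_fields)
        version = state[_id]["_version"] + 1 if _id in state else 1
        state[_id] = {"_version": version, "_source": doc}
    return state


if __name__ == "__main__":
    print(bulk_body(STATUS, "komponents", "logs", ["Name"]), end="")
    for _id, entry in simulate_index(PEOPLE).items():
        print(_id[:12], entry)
```

Overwriting by `_id` discards the earlier state of a document, so keep a separate append-only index when the history of a component matters.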