Hi,
In my ELK setup I have documents like this,
{
"message_id" : "1",
"name" : "customer1",
"login_status": "loggedIn",
"company": "Abc"
},
{
"message_id" : "2",
"name" : "customer1",
"login_status": "loggedOut",
"company": "Abc"
},
{
"message_id" : "3",
"name" : "customer2",
"login_status": "logged_in",
"company": "Abc"
},
{
"message_id" : "4",
"name" : "customer3",
"login_status": "loggin_failed",
"company": "XYZ"
}
I want to visualize these information in a data table to show the current logged in status of each user. I have tried to do this using TopHit (top hit based on the message_id filed - descending order) and I was able to visualize this as required. However, I want to put a input control to filter out based on the logging status. When I select the logged_in status from the filter I'm getting the customer1 as a result due to the first record. I understand technically this is correct since as per my filtering criteria, first message is the latest record.
However, I want to do the filtering only from the latest records for each customer. So when I filter for the logged_in users, customer1 should be visible in the table.
Any idea on how to visualize this type of behavior? I have the feasibility to modify the json document structure if required. Really appreciate any help on this.
Thanks in advance.
Manjula
