Kibana JSON Input Question

Hi there,

All that really happens with JSON inputs is that the JSON gets included along with the rest of the aggregation generated by the editor and sent to Elasticsearch. The docs on aggregations explain the options for these in more detail, but we most commonly see folks using them to include inline scripts to run against the selected field, e.g.

{
  "script": {
    "inline": "doc['name'].value ...whatever",
    "lang": "painless"
  }
}

The important thing to keep in mind is that these scripts are run on a per-document basis, meaning the only information that's available to the script is what lives inside the individual document -- so I can't think of a way to do what you're describing with JSON inputs.

How are you hoping to visualize your data? Understanding what you're trying to do might help me to point you in the right direction.

By the sounds of things, you are wanting to visualize raw documents, which is tricky because Kibana visualizations are generally based on aggregated data. One idea I had off the top of my head for achieving this using a data table visualization:

  • Unique count metric agg on the Name
  • Split rows by terms agg on the Name, and then order descending by a custom metric using a max agg on the Timestamp

This would (I think) show you the results you're looking for.

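Added example, not part of the original post: a Python sketch of the Elasticsearch request body the data table described above corresponds to (terms on the name, ordered by a max on the timestamp), plus a local emulation of the resulting rows. The field names `name` and `timestamp`, the aggregation names `by_name`, `latest` and `unique_names`, and the sample documents are assumptions, and the JSON Input is modeled as a plain key merge into the aggregation's parameters.

```python
import json

def build_terms_agg(name_field, ts_field, size=10, json_input=None):
    """Request body: split rows by terms on the name, ordered by max timestamp."""
    terms = {
        "field": name_field,
        "size": size,
        "order": {"latest": "desc"},  # order buckets by the max sub-agg below
    }
    # Assumption: JSON Input keys are merged into the agg's own parameters.
    terms.update(json_input or {})
    return {
        "size": 0,  # only aggregation buckets are wanted, no raw hits
        "aggs": {
            "by_name": {
                "terms": terms,
                "aggs": {
                    "latest": {"max": {"field": ts_field}},
                    "unique_names": {"cardinality": {"field": name_field}},
                },
            }
        },
    }

def emulate(docs, name_field, ts_field, size=10):
    """Local emulation of the bucket rows, most recent name first."""
    latest, counts = {}, {}
    for d in docs:
        n = d[name_field]
        latest[n] = max(latest.get(n, d[ts_field]), d[ts_field])
        counts[n] = counts.get(n, 0) + 1
    rows = sorted(latest.items(), key=lambda kv: kv[1], reverse=True)[:size]
    return [{"key": n, "latest": ts, "doc_count": counts[n]} for n, ts in rows]

# Constructed sample documents (ISO 8601 UTC strings sort chronologically).
SAMPLE_DOCS = [
    {"name": "alice", "timestamp": "2024-01-01T10:00:00Z"},
    {"name": "bob", "timestamp": "2024-01-03T09:00:00Z"},
    {"name": "alice", "timestamp": "2024-01-02T12:00:00Z"},
    {"name": "carol", "timestamp": "2024-01-01T08:00:00Z"},
]

if __name__ == "__main__":
    body = build_terms_agg("name", "timestamp", json_input={"min_doc_count": 1})
    print(json.dumps(body, indent=2))
    for row in emulate(SAMPLE_DOCS, "name", "timestamp"):
        print(row)
```

Each row carries only the latest timestamp per name, not the other fields of that document, which is the aggregated-versus-raw limitation the post describes.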