i have a scenario of collating some list of repeated SQL slow query with date vise transaction. My aim is to achieve unique no of the repeated SLOW query list which occurs in the certain time period in a data table visualization (Group them).
When i add this Query in the Term aggregation with keyword parameter there is no result displayed in the data table.
These are some sample query i want to group,
Any idea if there any custom KQL query can do this job? 
Seems like a scripted field can help with that: https://www.elastic.co/guide/en/kibana/current/scripted-fields.html
The script should pull the information relevant to you out of the message field, then you can use terms on top of it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
