Imagine a service reports a user_id and a country on an event of a country change by a user. How possible to chart an aggregation on user count per country, considering that user should be counted towards the current (latest reported for this user_id) country only.
For example, we have the following entries:
// user_id: 1, country: UK, @timestamp: 1
// user_id: 2, country: UK, @timestamp: 2
// user_id: 1, country: USA, @timestamp: 3
// user_id: 3, country: UK, @timestamp: 4
The results should be the following:
// UK: 2
// USA: 1
If it's possible, then how to visualise the result in a pie chart,
If it's not possible, then the bonus question:
Imagine there's a way to report the current country stats into elk, how would you report it in order to get the desired pie chart?