Hello, I'm currently working with kibana.
Currently I have made a visualization that allows me to count the unique host.
I have another plugin _id field
But the problem is that I want to be able to count the unique plugin id by unique host.
how can I resolve it?
Hey, it is not very clear to me what you want to visualize. If you have as a metric the unique count of plugin_id and on the breakdown the host?
I'll put it in context.
I have my risk field that I want to be able to visualize over time. So that's why on the x-axis I have the date field and my risk field in break down.
Then, to display my risk field, I want to count the unique plugin id by unique host.
And I don't know how to do it
Hey thanx for the explanation. It seems to me that you want something like this [Lens] collapse by only one field for multi-field top values · Issue #146733 · elastic/kibana · GitHub. This is not possible atm but I added your use case in the comments. It helps for prioritization.
it there a formula that a I can set in advanced settings to have my information?
how can I do unique count with kql?
KQL is a filtering language, you can't run aggregations. I am afraid what you want is not possible with Lens formulas.
I want to be able to have per single host (in each host we make a single plugin id ) the number of risk.
so it is not possible with kibana?