Kibana query problem

Hello, I'm currently working with Kibana.
Currently I have made a visualization that allows me to count the unique hosts.
I have another field, plugin_id.
But the problem is that I want to be able to count the unique plugin id by unique host.
How can I resolve it?

Hey, it is not very clear to me what you want to visualize. If you have as a metric the unique count of plugin_id and on the breakdown the host?

I'll put it in context.
I have my risk field that I want to be able to visualize over time. So that's why on the x-axis I have the date field and my risk field in break down.
Then, to display my risk field, I want to count the unique plugin id by unique host.
And I don't know how to do it.

I have tried this setting but I want to know how I can aggregate the value. I want to sum all High and all medium in order to have one display of high and one display of medium.

Hey, thanks for the explanation. It seems to me that you want something like this: [Lens] collapse by only one field for multi-field top values · Issue #146733 · elastic/kibana · GitHub. This is not possible atm but I added your use case in the comments. It helps for prioritization.

Is there a formula that I can set in advanced settings to have my information?
How can I do a unique count with KQL?

KQL is a filtering language, you can't run aggregations. I am afraid what you want is not possible with Lens formulas.

I want to be able to have per single host (in each host we make a single plugin id) the number of risk.

So it is not possible with Kibana?
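Added example, not part of the original thread and not code from Elastic: outside Lens, the count described above (distinct host and plugin id pairs per risk level over time) can be expressed as an Elasticsearch search request that uses a runtime field with a cardinality aggregation. The field names `@timestamp`, `host`, `plugin_id` and `risk`, their keyword mapping, and the runtime field name `host_plugin` are assumptions; the local function computes the same result on constructed sample documents.

```python
from collections import defaultdict

# Assumed field names (not confirmed by the thread): @timestamp, host, plugin_id, risk.
def build_query(interval="day"):
    """Search body: per time bucket and risk level, count distinct host|plugin_id pairs."""
    return {
        "size": 0,
        "runtime_mappings": {
            "host_plugin": {  # hypothetical runtime field joining both keys
                "type": "keyword",
                "script": {"source": "emit(doc['host'].value + '|' + doc['plugin_id'].value)"},
            }
        },
        "aggs": {
            "over_time": {
                "date_histogram": {"field": "@timestamp", "calendar_interval": interval},
                "aggs": {
                    "by_risk": {
                        "terms": {"field": "risk"},
                        # cardinality is an approximate distinct count in Elasticsearch
                        "aggs": {"unique_findings": {"cardinality": {"field": "host_plugin"}}},
                    }
                },
            }
        },
    }

def count_unique_findings(docs):
    """Exact reference computation of the same result on in-memory documents."""
    seen = defaultdict(set)
    for d in docs:
        day = d["@timestamp"][:10]  # daily bucket from an ISO-8601 timestamp
        seen[(day, d["risk"])].add((d["host"], d["plugin_id"]))
    return {key: len(pairs) for key, pairs in sorted(seen.items())}

# Constructed sample scan results; the repeated finding on srv-a counts once.
SAMPLE = [
    {"@timestamp": "2023-03-01T08:00:00Z", "host": "srv-a", "plugin_id": 1001, "risk": "High"},
    {"@timestamp": "2023-03-01T09:30:00Z", "host": "srv-a", "plugin_id": 1001, "risk": "High"},
    {"@timestamp": "2023-03-01T08:05:00Z", "host": "srv-b", "plugin_id": 1001, "risk": "High"},
    {"@timestamp": "2023-03-01T08:10:00Z", "host": "srv-a", "plugin_id": 2002, "risk": "Medium"},
    {"@timestamp": "2023-03-02T08:00:00Z", "host": "srv-b", "plugin_id": 2002, "risk": "Medium"},
    {"@timestamp": "2023-03-02T08:01:00Z", "host": "srv-b", "plugin_id": 3003, "risk": "Medium"},
]

if __name__ == "__main__":
    for (day, risk), n in count_unique_findings(SAMPLE).items():
        print(day, risk, n)
```

The dictionary returned by `build_query()` is the JSON body for a `_search` request against the index holding the scan results.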
