I have to create a visualization which captures the number of devices having unknown agent versions, e.g. capture 3 groups: version 5.6.1 having 1 device, 5.7.2 having 2 devices, and 5.8.1 having 5 devices. There will be new versions in the future and I need a way to ensure that these new groups (unknown versions) will be shown, without having to be explicitly mapped out and maintained in Elasticsearch or Logstash.
Currently I have a field, Agent_Version, where I send each version group a number of times. The number of times depends on how many devices have that version, e.g. Agent_Version => 5.6.1, 5.7.2, 5.7.2, 5.8.1, 5.8.1, 5.8.1, 5.8.1, 5.8.1.
Is there a way to count the occurrence of each term in this field, within the latest document only?