Last record for each unique value

Elastic Stack Kibana
1

Hello,

Our company changed to Elastic few months ago. before then we used to log a lot of things to one simple SQL table. in SQL i was able to find for each unique identifier last value that was recorded with simple Query. but as i wasn't trained in elastic\kibana magic I'm quite desperate.

Our company is working with lets call them "messages". Each message has its own UniqueID.
logs in kibana looks like:

  1. UniqueID=1,Event=MessageReceived, time
  2. UniqueID=1, event=messageprocessing, time
  3. uniqueID=1, event=finnished, time
  4. UniqueID=2, event=messagereceived, time
  5. UniqueID=2 event=messageprocessing, time

from time to time for some reasons our system didnt finnish the processing process and we have to find out what's wrong.

is there a way i can find what is the last event recorded for each uniqueID we have in last 24hour?? ive tried to google the poop of this but i wasnt able to find a solution that would work for me as i am inexperienced user of Elastic.

Thanks
J.

2

Hi @JeremyLoyd,
if you're using version 7.12 of Kibana, you could use Lens to create datatable visualization. Otherwise use the normal datatable.

Here's the example chart that might help you. CustomerId is an equivalent of uniqueId, product_name.keyword is an equivalent of event. Let me know if I understood your problem correctly:

Screenshot 2021-04-23 at 13.35.21
Screenshot 2021-04-23 at 13.35.212452×1436 366 KB

  1. Setup your time picker to last 24 hours
  2. Switch to datatable in chart picker on the top of the workspace
  3. You can use top values aggregation on uniqueId and set up number of values really high (more than uniqueIds you're expecting to have)
    Screenshot 2021-04-23 at 13.33.44
    Screenshot 2021-04-23 at 13.33.44764×982 48.4 KB
  4. Configure metric as last value on the event
    Screenshot 2021-04-23 at 13.34.04
    Screenshot 2021-04-23 at 13.34.04762×782 43.7 KB
3

Hi Marta, thanks for reply & sorry for late response.

i cant really figure out how to add Rows and Metrics into Datatable options. all i got is Columns.
Is it problem with our data types (string/number/record) or somewhere in my configuration or im i simply missing some plugin??

J.