Hi there,
I am creating a table that counts apache accesses. I like to have the count number on the table so that I have an idea of which clients are sending most requests.
If I add @timestamp to the table, then I don't get a proper count - obviously, as the rows from the same origin will no longer be the same.
But is there a way to show the last @timestamp for that client on the table?
Best,
Francis
Hi @francisaugusto
Can I ask you if you can provide an example of what the table should looks like?
Are you trying to aggregate apache access by client (ip or another ID), sorting them by count and also displaying the last timestamp for each client? something like
| client ip | count | last seen |
|---|---|---|
| 10.0.0.2 | 100 | 2019-03-04 00:00:01:000 |
| 10.0.0.7 | 88 | 2019-02-04 00:00:01:000 |
| 10.0.0.4 | 52 | 2019-02-04 00:00:01:000 |
| 10.0.0.6 | 23 | 2019-06-04 00:00:01:000 |
If this is your request I think you can use a Data Table visualization with two metrics: count and top hits like in the following screenshot. The Bucket is a Terms aggregation on client ips, with the sorting based on the count metric.
Than I've added a second metric to display the Top Hits of the timestamp field
@markov00 Thanks a lot! That's exactly what I was hoping to implement.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
