Metric aggregation and Count

We want to use metric aggregation to count how often certain entries (IP addresses in this case) occur in our data set and we ran into two problems.

First, ascending ordering is deprecated. Is there any other way to achieve the same?

Second, is there a way to use the Count variable in a filter, for example only showing the entries with a certain value of Count?

Can you share more info about how the data is organized and what you have so far?

I believe you can continue using ascending count with the caveat that it may be inaccurate. Kibana added a deprecation warning as a result of https://github.com/elastic/elasticsearch/issues/17614#issuecomment-303013380, but the latest comments indicate it's being left in. There aren't really any alternatives that I know of.

I wasn't able to find a way to filter based on count. Maybe a range aggregation (with a range of 1) instead of a terms aggregation, although I'm not sure the results will be useful. The filter and search bar in Kibana will be applied before the aggregation takes place, so we would need to use a pipeline agg, but unfortunately Kibana doesn't support that one.
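
Added example, not part of any post in this thread: when the request is sent directly to Elasticsearch's search API instead of through a Kibana visualization, a `bucket_selector` pipeline aggregation under the terms aggregation keeps only the buckets whose count falls in a given range. The field name `src_ip`, the aggregation names and the sample events are assumptions, and `emulate` is a local model of the count-then-filter order, not Elasticsearch itself.

```python
import json
from collections import Counter

def build_count_filter_query(field, min_count, max_count=None, size=1000, ascending=True):
    """Search body: terms agg on `field`, then keep buckets by their doc count."""
    cond = f"params.c >= {int(min_count)}"
    if max_count is not None:
        cond += f" && params.c <= {int(max_count)}"
    return {
        "size": 0,  # return aggregation results only, no hits
        "aggs": {
            "by_value": {
                "terms": {
                    "field": field,
                    # The selector only sees buckets the terms agg returns,
                    # so `size` must be large enough to cover the IPs of interest.
                    "size": size,
                    "order": {"_count": "asc" if ascending else "desc"},
                },
                "aggs": {
                    "count_filter": {
                        "bucket_selector": {
                            "buckets_path": {"c": "_count"},
                            "script": cond,
                        }
                    }
                },
            }
        },
    }

def emulate(docs, field, min_count, max_count=None, ascending=True):
    """Local model of the same logic: count every value first, then filter buckets."""
    counts = Counter(d[field] for d in docs if field in d)
    hi = max_count if max_count is not None else float("inf")
    kept = [(k, c) for k, c in counts.items() if min_count <= c <= hi]
    return sorted(kept, key=lambda kc: (kc[1], kc[0]), reverse=not ascending)

# Constructed sample events using documentation-range addresses.
SAMPLE = [{"src_ip": ip} for ip in
          ["192.0.2.10"] * 5 + ["198.51.100.7"] * 2 + ["203.0.113.4"] + ["203.0.113.9"] * 2]

if __name__ == "__main__":
    print(json.dumps(build_count_filter_query("src_ip", 2, 2), indent=2))
    print(emulate(SAMPLE, "src_ip", 2, 2))
```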
