Min/Max aggregation in Discover

elementmg · February 13, 2024, 2:10am

When utilizing Elasticsearch's Discover feature, I'm aiming to construct a query that fetches the maximum and minimum logs for each user, based on three fields: username, app name, and environment.

Currently, my query includes filters such as client name and caller class name, which successfully narrow down the logged-in logs I require. Is there a way to aggregate these logs with additional query logic to identify the earliest and latest logs within each distinct set defined by the combination of username, app name, and environment?

The main thing here is that I cannot use a visualization or lens. These do not allow for .csv POST URL's. I need to add the additional query logic within Discover so I can create a CSV post url.

Any insights or suggestions would be greatly appreciated. Thank you!

stephenb · February 13, 2024, 6:47am

Hi @elementmg welcome to the community.

What version are you on?

elementmg · February 13, 2024, 5:48pm

Is there anywhere within the app where I can see this without running API/curl commands?

In stack Management i see 8.11.1.

Same if i check devtools, i see kbnVersion 8-11-1

stephenb · February 13, 2024, 6:52pm

Well in that Case YES... you need to look at ESQL

You can use it in Discover...Pull down the Data Views and get started there is help

elementmg · February 13, 2024, 7:37pm

Excellent! Thanks Stephen. This will do!

system · March 12, 2024, 10:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.