Hi , I want to write a _search or _count query (kql) that will give the unique count based on one field after filtering two other fields. It will be really helpful if you guys can help me with it.
Hi @Prateek_Bajaj,
KQL is a language to filter down the set of documents of the current view, it can't help you with aggregating these documents (e.g. by doing a unique count on them). Think of it as just the WHERE clause of a SQL query. For this you need to add a visualization to the mix.
Check out the following example using a metric aggregation:
The query in the KQL bar is filtering down the documents based on two different fields, the configured metric is applying the "Unique Count" aggregation based on a specified third field.
You can save this visualization and put it on a dashboard - the content of the query bar will be saved along with the Visualization itself.
Hi @flash1293
Thanks alot for the reply, It helped me alot. Can I create a _search call to elastic search to get this final number as response. ??
If you click the Inspect button in the top nav, you can see the request and response made by the visualization based on this configuration.
Thanks alot , This is exactly what I was looking for.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.