Problem with unique count and cardinality

Peter_K · March 27, 2024, 2:43pm

There are the following fields:

documentnumber
user (user identifier)
@timestamp field

I want to create the following monitoring (as EQL or other query, as alert and if possible in dashboard form) in Kibana: Show the unique users and document numbers for which >= 10 unique users request the same document number in the previous 24 hours.

When creating an aggregation in a visualization, a unique cardinality issue is encountered. This particularly occurs when the aggregation is performed on the Y-axis of a visualisation.

Artem_Shelkovnikov · April 2, 2024, 5:36pm

Hi Peter K, you've tagged the question as "Enterprise App Search", but I see that your question is more of a general Elasticsearch question, is it correct?

Peter_K · April 3, 2024, 9:59am

That's correct, but could not choose Elasticsearch when creating the post

Artem_Shelkovnikov · April 3, 2024, 10:14am

I've moved the topic into Stack / Elasticsearch, this would be the correct forum category for the question.

That will give more visibility to this post and increase likelihood of getting the answer you need!

Topic		Replies	Views
Unique value counts in kibana Kibana	5	87126	December 18, 2017
Unique count > Count in kibana Elasticsearch	3	2009	February 15, 2019
Elasticsearch aggregation not matching with unique count metrics Elasticsearch	4	1724	December 29, 2017
Cardinality Aggregation - Different Unique Counts! Elasticsearch	18	4840	July 6, 2017
Elasticsearch query for unique value Elasticsearch	3	665	August 1, 2019

Problem with unique count and cardinality

Related topics