Problem with unique count and cardinality

Peter_K · March 27, 2024, 2:43pm

There are the following fields:

documentnumber
user (user identifier)
@timestamp field

I want to create the following monitoring (as EQL or other query, as alert and if possible in dashboard form) in Kibana: Show the unique users and document numbers for which >= 10 unique users request the same document number in the previous 24 hours.

When creating an aggregation in a visualization, a unique cardinality issue is encountered. This particularly occurs when the aggregation is performed on the Y-axis of a visualisation.

Artem_Shelkovnikov · April 2, 2024, 5:36pm

Hi Peter K, you've tagged the question as "Enterprise App Search", but I see that your question is more of a general Elasticsearch question, is it correct?

Peter_K · April 3, 2024, 9:59am

That's correct, but could not choose Elasticsearch when creating the post

Artem_Shelkovnikov · April 3, 2024, 10:14am

I've moved the topic into Stack / Elasticsearch, this would be the correct forum category for the question.

That will give more visibility to this post and increase likelihood of getting the answer you need!

system · May 1, 2024, 10:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unique value counts in kibana Kibana	5	83701	December 18, 2017
How do we find the number unique dates that a field appears? Kibana	5	704	February 9, 2021
Visualization with unique count of fields combination Kibana	3	3621	August 15, 2019
Different counts of unique values in Kibana and CSV-export of the raw data Kibana visualisation	4	602	April 13, 2023
Unique Count Metric and Cardinality filter not providing the same result Elasticsearch elastic-stack-alerting	3	892	September 10, 2018

Problem with unique count and cardinality

Related topics