Problem with unique count and cardinality

Peter_K · March 27, 2024, 2:43pm

There are the following fields:

documentnumber
user (user identifier)
@timestamp field

I want to create the following monitoring (as EQL or other query, as alert and if possible in dashboard form) in Kibana: Show the unique users and document numbers for which >= 10 unique users request the same document number in the previous 24 hours.

When creating an aggregation in a visualization, a unique cardinality issue is encountered. This particularly occurs when the aggregation is performed on the Y-axis of a visualisation.

Artem_Shelkovnikov · April 2, 2024, 5:36pm

Hi Peter K, you've tagged the question as "Enterprise App Search", but I see that your question is more of a general Elasticsearch question, is it correct?

Peter_K · April 3, 2024, 9:59am

That's correct, but could not choose Elasticsearch when creating the post

Artem_Shelkovnikov · April 3, 2024, 10:14am

I've moved the topic into Stack / Elasticsearch, this would be the correct forum category for the question.

That will give more visibility to this post and increase likelihood of getting the answer you need!

system · May 1, 2024, 10:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unique value counts in kibana Kibana	5	83464	December 18, 2017
How do we find the number unique dates that a field appears? Kibana	5	700	February 9, 2021
Different counts of unique values in Kibana and CSV-export of the raw data Kibana visualisation	4	601	April 13, 2023
Problem finding duplicate documents via kibana? Issue with unique count! Elasticsearch	6	1199	May 15, 2018
I got diffirent result with same filter between unique_count and list-group-terms in kibana Kibana	3	211	April 26, 2023

Problem with unique count and cardinality

Related Topics