Query

shwesinhan · January 18, 2018, 6:42am

hi there!

i am trying to analyze one thing.

scenario:

i have the logs for following actions:
req action 3 times with different id,
resp action 2 times with req id,
if one resp is missing coz' of user close browser

id:0001 req action
id:0001 resp action

id:0002 req action
id:0002 no resp action (user close browser)

id:0003 req action
id:0003 resp action

in this situation, how can i analyze no resp action count in kibana visualization?????

has anybody idea for elasticsearch query???

appreciate for any idea.

val · January 18, 2018, 6:49am

You can do a terms aggregation on the id field and sort the buckets using the document count value (ascending). All ids for which there is a single document will come up first in the bucket list.

{
  "size": 0,
  "aggs": {
    "exchanges": {
      "terms": {
        "field": "id",
        "order": {
          "_count": "asc"
        }
      }
    }
  }
}

system · February 15, 2018, 6:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help in visualizing custom query/aggregation Kibana	8	610	February 22, 2021
Need help with ElasticSearch Pipeline Aggregation query Elasticsearch	1	463	March 14, 2017
Visualize counts on nested buckets Kibana	5	1534	January 7, 2019
Count only sum value of ID on their last date Kibana	7	149	October 5, 2023
Kibana visualization built with context of other logs Elasticsearch	5	372	May 11, 2021

Query

Related topics