Query

hi there!

i am trying to analyze one thing.

scenario:

i have the logs for following actions:
req action 3 times with different id,
resp action 2 times with req id,
if one resp is missing coz' of user close browser

id:0001 req action
id:0001 resp action

id:0002 req action
id:0002 no resp action (user close browser)

id:0003 req action
id:0003 resp action

in this situation, how can i analyze no resp action count in kibana visualization?????

has anybody idea for elasticsearch query???

appreciate for any idea.

You can do a terms aggregation on the id field and sort the buckets using the document count value (ascending). All ids for which there is a single document will come up first in the bucket list.

{
  "size": 0,
  "aggs": {
    "exchanges": {
      "terms": {
        "field": "id",
        "order": {
          "_count": "asc"
        }
      }
    }
  }
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.