In the quick count feature of kibana, it shows you stats based on buckets on a field. Usually it is limited to 500 or whatever the system is configured to use. If the search returned 1 million records, it is only showing the stats for 500 records.
Does anyone how kibana chooses those 500 records? Is it the 500 newest records? or 500 oldest records?
Thanks
I think this is the same discussion as this thread: Field statistics - sampling
Hi Tanya, i do not understand your statement
"By default, for time-series data, those are the latest documents, but that also changes depending on what searches and filters you've applies in Discover."
How does searches and filters change how kibana chooses the 500 documents to sample?
So, if you apply a filter (say, search for the word "error"), now instead of looking at last 500 documents in an index, it will look at last 500 documents that match the filter (in this case, all documents that contain the word "error").
That makes sense. Thanks!
Hi,
Can we somehow configure the quick count to show all the distinct values stored in elastisearch for that particular index?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.