I want to sort this data based on the unique count of the username field. In this case, because all of the IPs in the data are the same, I want only one record to show. If there were two IPs in that data, I would want only two records to show. Is there a way to build a table this way? I have tried the data table in the visualization tab, and it does allow me to apply a metric that sorts by the unique count of the username; however, it does not actually list the data in a table. How would I achieve this?
You are on the right track with the data table visualization. You should be able to get the ip to show by splitting the rows under the buckets section. Is this the data you want to see in the table?
Hi, thanks. I think I can work with this. I am trying to get the most recent record for each username in the entire set of data. But once I get that record, I want to show all of the fields for that record. I wonder if I can combine a query in the Discover tab with an aggregation. I'm very new to Elasticsearch.
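As an added example that is not part of the thread: the follow-up question ("the most recent record per username, with all of its fields") maps to a terms aggregation on the username with a top_hits sub-aggregation of size 1 sorted by timestamp descending. The block builds that request body and runs the same logic in plain Python over constructed sample documents so the result can be checked offline; the field names `username`, `username.keyword` and `@timestamp` are assumptions, adjust them to your index mapping.

```python
import json

def latest_per_user_aggregation(user_field="username.keyword",
                                ts_field="@timestamp", max_users=100):
    """Build the Elasticsearch search body: one bucket per username
    (terms aggregation needs a keyword field), each holding its newest hit
    with all source fields. Field names are assumptions."""
    return {
        "size": 0,  # no raw hits; only the aggregation result is returned
        "aggs": {
            "per_user": {
                "terms": {"field": user_field, "size": max_users},
                "aggs": {
                    "latest": {
                        "top_hits": {
                            "size": 1,  # keep only the newest document per bucket
                            "sort": [{ts_field: {"order": "desc"}}],
                        }
                    }
                },
            }
        },
    }

def latest_per_user(docs, user_field="username", ts_field="@timestamp"):
    """Reference implementation of the same logic over a list of documents.
    Timestamps are ISO-8601 strings of equal format, so string comparison
    orders them chronologically."""
    newest = {}
    for doc in docs:
        user = doc[user_field]
        if user not in newest or doc[ts_field] > newest[user][ts_field]:
            newest[user] = doc
    return newest

# Constructed sample documents: every record shares one IP, as in the question.
SAMPLE_DOCS = [
    {"username": "alice", "ip": "10.0.0.5", "@timestamp": "2024-01-01T10:00:00Z", "action": "login"},
    {"username": "bob",   "ip": "10.0.0.5", "@timestamp": "2024-01-01T10:05:00Z", "action": "login"},
    {"username": "alice", "ip": "10.0.0.5", "@timestamp": "2024-01-01T11:00:00Z", "action": "logout"},
]

if __name__ == "__main__":
    print(json.dumps(latest_per_user_aggregation(), indent=2))
    for user, doc in latest_per_user(SAMPLE_DOCS).items():
        print(user, doc)
```

The Kibana data table with "Split rows" on the username field and a Top Hit metric per column shows the same buckets; the raw body above is what you would send from Dev Tools or a client.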