Hello guys.
I'm looking forward using kibana and wonder how can I express in kibana aggregation following SQL pseudocode
SELECT DISTINCT id, version
FROM storage
WHERE level = 'Error'
I have one field named id and another named version. I'd like to display somehow all id-versions pairs for events with Error level.
How can it be done?
Hi
we don't have distinct fields I think. But what your are trying to achieve seems pretty straightforward. You need to do a terms aggregation on id and version
and can then do a 'count'-metric (if you care about that value) the "where level = ...' just needs to be a filter on the filter bar. Hope this helps. Let us know if this works for you.
Cheers
Rashmi
Sorry, I just didn't see any way to group overm ore than one row. After you said it's possible I finally found that another split row should be added to make it work. Thank you.
Glad it worked...
Cheers
Rashmi
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.