Hello guys.
I'm looking forward using kibana and wonder how can I express in kibana aggregation following SQL pseudocode
SELECT DISTINCT id, version
FROM storage
WHERE level = 'Error'
I have one field named id and another named version. I'd like to display somehow all id-versions pairs for events with Error level.
How can it be done?
Hi
we don't have distinct fields I think. But what your are trying to achieve seems pretty straightforward. You need to do a terms aggregation on id and version
and can then do a 'count'-metric (if you care about that value) the "where level = ...' just needs to be a filter on the filter bar. Hope this helps. Let us know if this works for you.
Cheers
Rashmi
Sorry, I just didn't see any way to group overm ore than one row. After you said it's possible I finally found that another split row should be added to make it work. Thank you.
Glad it worked...
Cheers
Rashmi
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.