Show unique count with buckets in Metric

#1

Hi all,

Greetings! I have to admit, I am extremely new to Kibana but am trying to learn. I have developed a dashboard that shows vulnerabilities and a corresponding remediation document. When using the data table, I am able to bucket the data in a way so that the count is 1 for each item (a vulnerability on a server in an RP may appear multiple times in the index). When I export the raw data, I can see there are 7,516 items. What I am trying to do, though, is reproduce that count in a metric visualization. Although I can do a unique count in the metric, I'm struggling to create the same row buckets that I have on my data table.

Is there any way to aggregate on the metric viz so that it returns a count number that is the same as what I'm getting on my data table?

(Thomas Neirynck) #2

So you want a metric-viz readout for each individual row. So in your example, that would be 752 metric visualizations?

#3

I could be thinking about this completely wrong. Ultimately, I would like the sum of the count column that I've created on the data table. I just have no idea how to show that total number as a metric. So if I have 7,516 rows on the data table, it would display 7,516 on the metric viz (instead of the 1,168 in my attached image). Hopefully that makes sense.

(Thomas Neirynck) #4

I would do this with a scripted field. https://www.elastic.co/blog/using-painless-kibana-scripted-fields

Create a new field that is the concatenation of RP number, vulnerability and IP address. See https://www.elastic.co/blog/using-painless-kibana-scripted-fields for an example of string concatenation.

In the metrics visualization, then perform a unique count on that new field. It should show you how many unique combinations you have of those 3 fields.
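
The composite-key approach from the reply above, modelled offline in Python as an added example that is not part of the original thread: it compares a unique count on the concatenated key with the data table's row buckets. The field names `rp`, `vuln` and `ip` and the sample documents are constructed assumptions, and the separator comparison goes slightly beyond what the reply spells out.

```python
# Constructed sample documents; the field names rp, vuln and ip are hypothetical.
DOCS = [
    {"rp": "RP1", "vuln": "12-weak-tls", "ip": "10.0.0.5"},
    {"rp": "RP1", "vuln": "12-weak-tls", "ip": "10.0.0.5"},  # same finding, rescanned
    {"rp": "RP11", "vuln": "2-weak-tls", "ip": "10.0.0.5"},  # a different finding
    {"rp": "RP1", "vuln": "12-weak-tls", "ip": "10.0.0.6"},
    {"rp": "RP2", "vuln": "12-weak-tls", "ip": "10.0.0.5"},
    {"rp": "RP2", "vuln": "12-weak-tls"},                    # ip missing
]
FIELDS = ("rp", "vuln", "ip")


def table_rows(docs):
    """Distinct (rp, vuln, ip) tuples: what the data table's row buckets show."""
    return {tuple(d[f] for f in FIELDS) for d in docs if all(f in d for f in FIELDS)}


def composite_key(doc, sep):
    """Concatenate the three fields; None when a field is absent."""
    if any(f not in doc for f in FIELDS):
        return None
    return sep.join(doc[f] for f in FIELDS)


def unique_count(docs, sep):
    """Return (distinct composite keys, documents skipped for missing fields)."""
    keys = [composite_key(d, sep) for d in docs]
    return len({k for k in keys if k is not None}), keys.count(None)


if __name__ == "__main__":
    print("unique count on vuln alone:", len({d["vuln"] for d in DOCS}))
    print("data table rows:", len(table_rows(DOCS)))
    print("no separator:", unique_count(DOCS, ""))
    print("'|' separator:", unique_count(DOCS, "|"))
```

Without a separator, two different findings collapse into one key and the metric undercounts, so the concatenation should use a delimiter that cannot occur in the field values. Kibana's unique count is backed by the Elasticsearch cardinality aggregation, which is approximate for large numbers of distinct values, so the metric can differ slightly from the table's row total.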

#5

Thank you so much for your help, Thomas--I truly appreciate it. That did the trick!