I have to create a visualization (Data Table) based on the it sec logs.
The requirement is to summarize the branches where were less than 3 logins per day.
So I have created a Metric(Count), added split row with timestamp interval: daily and another split row terms: branch.
And now I need a filter something like min_doc_count but for max_doc_count.
I have tried to add into "JSON input": { "script": "params.doc_count < 3" } - but that is not worked.
Please suggest me something how to do that!
Thanks
There is no max_doc_count in Elasticsearch for the reasons described in https://github.com/elastic/elasticsearch/issues/21714.
The workaround in that issue may work as a query in Elasticsearch, but it uses a bucket_selector aggregation which is not yet supported in Kibana (see https://github.com/elastic/kibana/issues/17544).
1 Like
Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.