Timelion Visualization

(Shruti) #1

My requirement is to make a Timelion.
I need to count records grouped by two fields, with two where conditions.

Metric is count (where field1 = value1 and field2 = value2)
group by - terms field1
then by - date histogram @timestamp.


(Josh Dover) #2

Hi there!

I think the .es() function has all of what you need to do this. You should be able to do something similar to:

.es(q="+field1:'val1' +field2:'val2'", split=field3:10, timefield=@timestamp)

q is Lucene query syntax
split will do a term aggregation on the specified field up to "10" top terms
timefield allows you to specify which column to use for the date histogram

Let me know if you need additional help!

(system) closed #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
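
For readers who need the same counts outside Timelion, here is an added example (not from the thread and not Timelion's own code) that builds a roughly equivalent Elasticsearch search body and flattens the nested buckets into one series per term. The function names, the one-hour interval, the time range and the sample response are assumptions made for illustration; field1, field2, field3 and @timestamp are the placeholders used in the reply above.

```python
def build_search_body(conditions, split_field, top_n=10,
                      timefield="@timestamp", interval="1h",
                      start="now-24h", end="now"):
    """Count docs matching every condition, per top term, per time bucket."""
    # term filters match exact values, so they suit keyword-type fields
    filters = [{"term": {field: value}} for field, value in conditions.items()]
    filters.append({"range": {timefield: {"gte": start, "lte": end}}})
    return {
        "size": 0,  # only aggregation buckets are needed, not the hits
        "query": {"bool": {"filter": filters}},
        "aggs": {"split": {
            "terms": {"field": split_field, "size": top_n},
            "aggs": {"over_time": {"date_histogram": {
                "field": timefield,
                "fixed_interval": interval,  # assumes Elasticsearch 7.2+
            }}},
        }},
    }


def to_series(response):
    """Flatten nested buckets into {term: [(epoch_ms, count), ...]}."""
    return {
        bucket["key"]: [(point["key"], point["doc_count"])
                        for point in bucket["over_time"]["buckets"]]
        for bucket in response["aggregations"]["split"]["buckets"]
    }


# Constructed sample response, shaped like a terms + date_histogram result
SAMPLE_RESPONSE = {"aggregations": {"split": {"buckets": [
    {"key": "a", "doc_count": 5, "over_time": {"buckets": [
        {"key": 1700000000000, "doc_count": 2},
        {"key": 1700003600000, "doc_count": 3}]}},
    {"key": "b", "doc_count": 1, "over_time": {"buckets": [
        {"key": 1700000000000, "doc_count": 1}]}},
]}}}

if __name__ == "__main__":
    import json
    body = build_search_body({"field1": "val1", "field2": "val2"}, "field3")
    print(json.dumps(body, indent=2))
    print(to_series(SAMPLE_RESPONSE))
```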