Timestamps difference

Hi, I want to group my logs by a particular fieldValue and then find the difference in timestamps between the first and last occurrence.

How should I approach this? Suggestions invited.

Unfortunately, you would need a scripted metric aggregation, which Kibana doesn't support yet; we're tracking it at https://github.com/elastic/kibana/issues/2646. You could output the first and last occurrence using the top hits aggregation.
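
The top hits approach from the reply above, sketched as an added example that is not part of the original thread: a search body with one terms bucket per field value and two `top_hits` sub-aggregations (earliest and latest document), plus client-side code that turns the response into a per-value time span. The field names `session_id` and `@timestamp`, the aggregation names, and the sample response are assumptions constructed for illustration.

```python
from datetime import datetime

GROUP_FIELD = "session_id"  # assumption: keyword field the logs are grouped on
TIME_FIELD = "@timestamp"   # assumption: date field present on every log document


def build_query(group_field=GROUP_FIELD, time_field=TIME_FIELD, max_groups=100):
    """Search body: one terms bucket per value, holding its earliest and latest hit."""
    def edge(order):
        # size 1 + sort on the date field returns only the first (asc) or last (desc) document
        return {"top_hits": {"size": 1, "_source": [time_field],
                             "sort": [{time_field: {"order": order}}]}}
    return {"size": 0,  # aggregations only, no top-level search hits
            "aggs": {"by_value": {"terms": {"field": group_field, "size": max_groups},
                                  "aggs": {"first": edge("asc"), "last": edge("desc")}}}}


def _timestamp(top_hits, time_field):
    raw = top_hits["hits"]["hits"][0]["_source"][time_field]
    # Elasticsearch returns ISO 8601 with a trailing "Z"; normalise it for fromisoformat
    return datetime.fromisoformat(raw.replace("Z", "+00:00"))


def spans(response, time_field=TIME_FIELD):
    """Map each bucket key to the seconds between its first and last occurrence."""
    result = {}
    for bucket in response["aggregations"]["by_value"]["buckets"]:
        first = _timestamp(bucket["first"], time_field)
        last = _timestamp(bucket["last"], time_field)
        result[bucket["key"]] = (last - first).total_seconds()
    return result


def _hit(ts):
    # Helper that builds the nested top_hits shape for the constructed sample below
    return {"hits": {"hits": [{"_source": {TIME_FIELD: ts}}]}}


# Constructed response in the shape Elasticsearch returns for build_query()
SAMPLE_RESPONSE = {"aggregations": {"by_value": {"buckets": [
    {"key": "a1", "doc_count": 3,
     "first": _hit("2016-05-01T10:00:00.000Z"), "last": _hit("2016-05-01T10:07:30.500Z")},
    {"key": "b2", "doc_count": 1,  # single event: first and last are the same document
     "first": _hit("2016-05-01T11:00:00.000Z"), "last": _hit("2016-05-01T11:00:00.000Z")},
]}}}

if __name__ == "__main__":
    for key, seconds in spans(SAMPLE_RESPONSE).items():
        print(key, seconds)
```

The subtraction happens outside Elasticsearch, so the spans are available to a script or report but not as a value Kibana can chart.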
