I have a few visualisations that are split in ways similar to these:
- The X-axis represents time
- The Y-axis is a count of usernames
- The Y-axis has a split series that uses a terms aggregation on usernames
- The Y-axis also has a split chart that uses a terms aggregation on file names
The end product of that is something that should show the activity of each user per user per file, over time. What it ends up looking like is this:
These will be filtered by project, so there aren't that many people, however, projects usually have a large amount of files, including various files that are used not that much and are less of a concern. This results in thoroughly too many files being displayed, cluttering the visualisation. The image I sent is a somewhat "okay" example of this, it gets much worse.
My question is how can I set the number of split charts that will be shown? When setting the "size" to one, I understand that this doesn't apply to the overall context but just to each of the individual intervals, and thus a lot more than one may be displayed if one is chosen (and even more than that if 2 etc. is chosen). Here's a topic I found that talked through this issue:
My current thoughts on how to do this is to include a DSL filter to the visualisation to try and fetch only the top 5 results of the metric I'd like to sort the charts by. However, as far as I can tell, there isn't really a way of getting the "top 5" from a filter? It's quite easy to get all the values above some value x, is there a way of calculating what x would be to capture only the top 5? I realise this is possible for aggs in the dev console, but I'm unsure of how to apply this to a DSL filter.
Thank you very much for the help, really appreciate any input!
ES: 7.6