Top hits per type of each day

rahul_saini · November 3, 2019, 6:50pm

Hello,

I've an application with two modules - frontend & backend.

Both are getting scanned for defects multiple times a day.

We're collecting these results and pushing them over Elasticsearch, so we can see the defects trend.

I want to project this trend in Kibana visualization in daily basis, possibly in a line graph.

Thing is I must not take data of every scan as each module is getting scanned more than once in a day and taking sum of scan1 and scan2 will give wrong result.

So, I want to take top hit of each module, then take sum of both modules and show in a single line graph.

In other words, "Sum of top hits of both modules"

I'm very new in Kibana and not able to fully understand top hits aggregation.

So kindly suggest how can I make this visualization?

Thanks

Nathan_Reese · November 8, 2019, 1:38pm

In Visualize, start by configuring a Buckets Split series to split your data by type.

Then configure Metric to use a top hit aggregation. Other aggregations will calculate the metric value from all documents in a bucket. The top hits aggregation will only calculate the metric value from the first X documents in each bucket. In the example provided, the top hit will be the most recent document for each term machine.os.keyword ordered by field timestamp

system · December 6, 2019, 1:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.