I am new to elastic and really enjoying it so far.
Currently I'm struggling to achieve one thing.
Let's say I have entries like:
{"Key1":"value1", "Key2":"value2","field1":"field1Value"}
and so on. I want to count these entries by Key1 and Key2, but I have multiple rows with the same key values. On some visualizations, I want to count only distinct rows. On other visualizations I'm performing a sum on some other field (non-key one) and I want, for example, to take only the first one of the duplicate entry (field values are the same).
for counting unique values simply choose unique count aggregation for your metric
for doing sum on another field, i hope i understand correctly, you can try the following:
lets say you choose a vertical bar chart:
for x axis aggregation select terms on your key1 field (this will get you one bar for every distinct key1)
for metric select top hit aggregatrion, for field select the field you want to sum on (lets say field1) , select aggregate with (sum) and select size 1 (meaning only the top item will be used)
for Field select the field by which you want to order the values for each term (for example timestamp if you want the latest value) and select ascending/descending order.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.