Unique Count by using visual builder metric

sajjithreddy · February 6, 2020, 6:29am

I have a question that, How we can get unique count of multiple events in visual builder or any visualization kibana?
Let me explain my question clearly.

In log stash events class name, git url and status is there. This class, git url and status is same or different when application is deployed multiple times. Here my ask is even though deployed multiple times when all these are same my count should be one, if one of these(class,url,status) are different my count should be 2. How can I group these columns and get unique count based on three fields. Any type of visualization is fine for me. Please provide me the solution.

Thanks in advance.

flash1293 · February 6, 2020, 9:42am

You can do this by concatenating all relevant data in a single field of your document - either during ingest or by using a scripted field (during ingest is preferable, as you are already using logstash you can add a pipeline step to create that field).

So if your document looks like this:

{ class: 'Abc', gitUrl: 'https://example.org', status: 'up' }

Then the processing should add a field like this:

{ class: 'Abc', gitUrl: 'https://example.org', status: 'up', identifier: 'Abc,https://example.org,up' }

Now your are able to use the regular "Unique count" aggregation on the identifier field available for all visualization types (bar, pie, table, metric, ...)

This logstash step could use the mutate plugin and look roughly like this:

mutate {
  add_field => {
    "identifier" => "%{class},%{gitUrl},%{status}"
  }
}

sajjithreddy · February 6, 2020, 6:00pm

Hi,

Thank you for the quick response.

Unfortunately I don' have control on data and log stash. Whatever the data exist in log stash, based on that I have to do my aggregations. One more point is that in my data I don't know the value of class, git url . I know only status like deployed, build.. etc. If I write scripted field on this class, url and status, How will my query looks like? as I don't the values of class and git url.

Please help me with the solution.

Thanks..!

flash1293 · February 7, 2020, 8:33am

Unfortunately you can't use scripted fields in visual builder, but you can use them in regular visualizations (e.g. line chart). You don't have to know the values to write the script.

Here is an example with the kibana logs sample data set (for the fields geo.src and geo.dest). Go into index pattern management and add a scripted field to your index pattern like this:

Then when creating a visualization you can use the "Unique count" aggregation on that field:

sajjithreddy · February 7, 2020, 6:12pm

Thank you so much for the help. It worked for me.

system · March 6, 2020, 6:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple Logs in Kibana Kibana	4	1299	December 7, 2017
How to perform calculation for the unique count document in kibana? Kibana	4	1794	August 14, 2019
Unique count by top status Kibana	5	620	July 28, 2022
Get unique count of most recent event Kibana	3	2119	February 28, 2018
Kibana query problem Kibana	8	213	August 3, 2023

Unique Count by using visual builder metric

Related topics