I have a question that, How we can get unique count of multiple events in visual builder or any visualization kibana?
Let me explain my question clearly.
In log stash events class name, git url and status is there. This class, git url and status is same or different when application is deployed multiple times. Here my ask is even though deployed multiple times when all these are same my count should be one, if one of these(class,url,status) are different my count should be 2. How can I group these columns and get unique count based on three fields. Any type of visualization is fine for me. Please provide me the solution.
You can do this by concatenating all relevant data in a single field of your document - either during ingest or by using a scripted field (during ingest is preferable, as you are already using logstash you can add a pipeline step to create that field).
Now your are able to use the regular "Unique count" aggregation on the identifier field available for all visualization types (bar, pie, table, metric, ...)
This logstash step could use the mutate plugin and look roughly like this:
Unfortunately I don' have control on data and log stash. Whatever the data exist in log stash, based on that I have to do my aggregations. One more point is that in my data I don't know the value of class, git url . I know only status like deployed, build.. etc. If I write scripted field on this class, url and status, How will my query looks like? as I don't the values of class and git url.
Unfortunately you can't use scripted fields in visual builder, but you can use them in regular visualizations (e.g. line chart). You don't have to know the values to write the script.
Here is an example with the kibana logs sample data set (for the fields geo.src and geo.dest). Go into index pattern management and add a scripted field to your index pattern like this:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
