How is the following possible when searching in an index pattern?
How can the unique appearances of a keyword term be more than the documents themselves?
"Unique count" in Kibana uses the cardinality aggregation; see here:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-cardinality-aggregation.html
If you read the cardinality aggregation page you will see it's an approximate unique count. So the short answer is: due to the distributed nature of Elasticsearch, unique counts can only be approximate (unless your index only has a single shard).
Thx for this clarification;
so is there a way (or what is the recommended way) to make this comparison:
exact number of unique entries (based on some field) vs. exact number of all documents?
Document count is not approximated, so will be accurate. The cardinality aggregation can be exact as long as you have all your data in a single shard. For a discussion on why this is not possible in Elasticsearch as you scale out, have a look at this thread.
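Added example, not part of the thread and not Elasticsearch's code: the cardinality aggregation is documented as based on HyperLogLog++, and the sketch below is a plain, simplified HyperLogLog showing how an estimated unique count can land above an exact document count. The field values, the batch layout and the 12-bit register index are constructed assumptions for the demonstration.

```python
import hashlib
import math

def hll_estimate(values, p=12):
    """Plain HyperLogLog estimate of distinct values using 2**p registers."""
    m = 1 << p
    registers = [0] * m
    for v in values:
        h = int.from_bytes(hashlib.sha1(v.encode()).digest()[:8], "big")
        idx = h >> (64 - p)                      # first p bits pick a register
        rest = h & ((1 << (64 - p)) - 1)         # remaining 64-p bits
        rank = (64 - p) - rest.bit_length() + 1  # position of first 1-bit
        registers[idx] = max(registers[idx], rank)
    alpha = 0.7213 / (1 + 1.079 / m)
    raw = alpha * m * m / sum(2.0 ** -r for r in registers)
    zeros = registers.count(0)
    if raw <= 2.5 * m and zeros:                 # small-range correction
        return round(m * math.log(m / zeros))
    return round(raw)

def compare(doc_count, batch):
    """Constructed index: every document carries a distinct keyword value."""
    values = [f"batch{batch}-host-{i}" for i in range(doc_count)]
    # (exact document count, exact unique count, approximate unique count)
    return doc_count, len(set(values)), hll_estimate(values)

def run(batches=16, doc_count=20000):
    """Repeat the comparison over several constructed batches."""
    return [compare(doc_count, b) for b in range(batches)]

if __name__ == "__main__":
    for docs, exact, approx in run():
        flag = "unique > docs" if approx > docs else ""
        print(f"docs={docs} exact_unique={exact} approx_unique={approx} {flag}")
```

The exact figures come from holding every value in a set, which is the memory cost the estimator avoids; the estimator's error is what lets the "unique" figure exceed the document count.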