Hello,
I am logging to elasticsearch requests made by one application. If there is a failure, a second, third, etc petition is made, nothing changes except 2 fields. I need to query to get visualization but only to use one of these documents. Is there a way to do this?
To explain a bit more lets say that I have 4 documents:
{
number: 345
transactionId: 1
timestamp: 05:41
}
{
number: 345
transactionId: 1
timestamp: 05:42
}
{
number: 670
transactionId: 2
timestamp: 05:43
}
{
number: 720
transactionId: 3
timestamp: 05:44
}
{
number: 140
transactionId: 4
timestamp: 05:45
}
Now I want to do a sum visualization so that doc 1 is used, but not 2 (since is the same transaction). so that the sum of number is 345+670+720+140 instead of 345+345+670+720+140. Is this possible in Kibana? If not can I accomplish this with a script?
regards,
IC