Visualizing log files in table

Hi, I have created one table from logs in Discover which looks fine. Now in the table, we have one field "instance_id" which is an integer. I need to create a table which will show records corresponding to only the maximum of instance_id. How can it be done?

Hi, you can make a Data Table Visualization and have a metric column for Max of some field in your data.

As it is in a table, you'll also want to define a bucket aggregation on which to split the rows, and show max-per-something. If everything is time-based, you can have a table that shows max-per-month:

Hi Tim,

Thanks for your reply!
Basically we don't need any aggregation. Let me explain the scenario:
We are moving a log file to elastic every 1 hour along with one unique id for all the logs for that particular hour. On dashboard, we need to show only data corresponding to rows with maximum instance_id.

Data corresponding to the maximum instance id per something, right? Per hour? Per different values found for some field? Per all logs ever?

The answer to that question is the answer to how you want to aggregate your data into table rows or bars in a chart.

Hi tim,

It will be in table rows. For example, for instance id 1 I have 10 rows, for instance id 2 I have 3 rows, and for 3 I have 5 rows. So on the dashboard I want to see rows corresponding to id 3 only (though we have data of id 1, 2 also).


Hm, it sounds like you could make this table by splitting the rows with a terms aggregation on instance id. With terms size set to 1, and terms sorted by timestamp (hopefully your data has a timestamp for each document), that should send the search to Elasticsearch to get data for just the latest instance id.

Still not clear.

Does Elastic provide any kind of training which should also include different Kibana plugins?

How do I get customer support via WebEx or any other medium?


Hi, I'm sorry that it is not clear. You will need an aggregation to "select" the latest instance ID via a terms aggregation, where terms are instance IDs and the terms to choose is just the latest.

In my data, I have a year field which has values 1888-2017. If I want a table that only has data for 2017, I could do this:

It doesn't matter that my time picker says "Last 200 years" - the size 1 terms aggregation gives me just the "top" year.

For this great question, let me guide you here: Support, training, web ex sessions are all possible through a subscription.
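As an added example that is not part of this thread: the Elasticsearch request body that a size-1 terms aggregation on instance_id produces, plus a small Python model of the same selection run over constructed log rows, so the "top bucket" behaviour can be checked offline. The field names instance_id and @timestamp, the top_hits sub-aggregation and the exact shape of Kibana's request are assumptions.

```python
from collections import defaultdict

# Assumed request shape: rows split by a terms aggregation on instance_id,
# size 1, buckets ordered by the max @timestamp inside each bucket, and a
# top_hits sub-aggregation to return the matching rows (field names assumed).
LATEST_INSTANCE_QUERY = {
    "size": 0,
    "aggs": {
        "latest_instance": {
            "terms": {
                "field": "instance_id",
                "size": 1,
                "order": {"max_ts": "desc"},
            },
            "aggs": {
                "max_ts": {"max": {"field": "@timestamp"}},
                "rows": {"top_hits": {"size": 100,
                                      "sort": [{"@timestamp": "desc"}]}},
            },
        }
    },
}

# Constructed sample: one batch per hour, ids increasing with time.
SAMPLE_LOGS = [
    {"instance_id": 1, "@timestamp": "2019-01-01T00:00:00Z", "msg": "a"},
    {"instance_id": 1, "@timestamp": "2019-01-01T00:10:00Z", "msg": "b"},
    {"instance_id": 2, "@timestamp": "2019-01-01T01:00:00Z", "msg": "c"},
    {"instance_id": 3, "@timestamp": "2019-01-01T02:00:00Z", "msg": "d"},
    {"instance_id": 3, "@timestamp": "2019-01-01T02:30:00Z", "msg": "e"},
]


def latest_instance_rows(docs, size=1, order_by="max_ts"):
    """Model of the aggregation above: one bucket per instance_id, buckets
    ranked by their max timestamp ("max_ts") or by the id itself ("_key"),
    keep the top `size` buckets and return their rows newest first.
    The two orderings only agree when ids grow monotonically with time."""
    buckets = defaultdict(list)
    for d in docs:
        buckets[d["instance_id"]].append(d)
    if order_by == "max_ts":
        rank = lambda iid: max(r["@timestamp"] for r in buckets[iid])
    else:  # "_key": order by the numeric instance id, i.e. max(instance_id)
        rank = lambda iid: iid
    top = sorted(buckets, key=rank, reverse=True)[:size]
    return {iid: sorted(buckets[iid], key=lambda r: r["@timestamp"],
                        reverse=True) for iid in top}
```

Ordering by "_key" matches the original request (max instance_id); ordering by max timestamp matches the "latest" reading, and the model lets you confirm they select the same batch for your data.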
