Our ELK stack is storing database slow queries. From "Visualize" for the last 24 hours it shows only 424 total entries:
However, from "Discover" the entries in the same lapse of time are much more; for instance, there are 1243 counts only for the last hour, and 989 for the previous hour.
For the last 24 hours, Kibana "Discover" shows ~5700 records. Where are the ~5300 records missing in "Visualize"?
How is your Split Rows aggregation configured? One the discover tab, do you see pattern.keyword values that are not displayed in the visualize table?
Split Rows Aggregation is done by Terms.
Yes, in Discover there are patterns that are not present in Visualize.
What value are you providing for size under terms aggregation?
It's currently 8, but I've tried higher values and nothing changes (see the empty line at the bottom in the screenshot).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
