How to list unique values of a particular field in Kibana

你离开我真会死。 提交于 2019-11-29 22:11:46
mathakoot

I have been playing around with Kibana4 since a couple of weeks now. I find it intuitive and simple and the experience has been great till now. Following your question, I tried getting unique results via a Data Table visualization. Why? Because I personally find it easier to understand. Following are the steps:

1. Get unique count

Create the visualization (Visualize -> Data Table). First lets get the count of how many unique entries we have for a particular field (We will use this in the later part for verification). I'm using clientip.raw but as I see, it will work just fine with any friendly field name too.

2. Set the aggregation right

Set you aggregation back to count and have a Split Rows as follows. Not doing this will give you count 1 for each field value (since it is looking for unique counts) when you populate the table. Noteworthy part is setting the Top field to 0. Because Kibana won't let you enter anything else than a digit (Obviously!). This was the tricky part. Hit Apply and you'll get the results. Unique field values and the count of each of them.

3. Verification:

Going to the last page of the table, we see there are exactly 543 results. This is how I know it works.

What Next?

You save this visualization and add it to a Dashboard. There you can always check the request, query, response and other stats.

Just an addition to the above mathakoot answer.

For the user of newer version (which do not allow bucket size of 0 anymore) just set a value greater than the maximum number of result

And report the value in the Options>Per Page field

I wanted to achieve something similar but I'm stuck with Kibana 3.1.

I simply added a panel of type "TERMS" and configured its Field = User-agent and left everything else on default values. This gave me a nice bar chart with one bar for each User-agent.

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!