Missing data when using unique count and creating an aggregation in Kibana
I have a behavior in Kibana that I can't explain. The following is a simple bar chart, counting unique users, filtered by application and a role, and ensuring certain fields exist on the logs: This graph shows that I have approx. 170 users who have the role 'Landmand'. If I split the bar by the term 'fields.Role', I would expect an identical chart, since I already applied a filter specifying 'fields.Role:Landmand' in the search. However, I see this. This suddenly limits the unique count to approx. 150 users. I've tried with different fields and it seems to have the same behavior: as soon as I split the bar, I seem to limit the data somehow. Any information is greatly appreciated.
It happens because it uses the cardinality aggregation to do the unique count. As explained in the link, the count is approximate and has a percentage of error. Just do a quick test: copy the request and try it with a different precision threshold to see the difference. To set a custom precision_threshold, you can use the advanced section and put a custom JSON Input on the aggregation: If you go to the Request section, you can actually see that the threshold has been added to the cardinality aggregation.
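The request the answer describes, as an added example that is not part of the original post: with `{ "precision_threshold": 40000 }` entered as the JSON Input of the unique count metric, the body shown in the Request section takes roughly this shape. The aggregation names `by_role` and `unique_users` are made up for illustration, `<user-id-field>` is a placeholder for the field being counted (the page does not name it), and 40000 is the highest value Elasticsearch honours for this setting.

```json
{
  "size": 0,
  "query": {
    "query_string": { "query": "fields.Role:Landmand" }
  },
  "aggs": {
    "by_role": {
      "terms": { "field": "fields.Role" },
      "aggs": {
        "unique_users": {
          "cardinality": {
            "field": "<user-id-field>",
            "precision_threshold": 40000
          }
        }
      }
    }
  }
}
```

Running the same body with and without the `terms` split, at the same threshold, shows whether the two unique counts converge once the threshold is above the real number of distinct users.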