elasticsearch


Missing data when using unique count and creating an aggregation in Kibana


I have a behavior in Kibana that I can't explain. The following is a simple bar chart, counting unique users, filtered by application and a role, and ensuring certain fields exist on the logs:
This graph shows that I have approx. 170 users who have the role 'Landmand'. If I split the bar by the term 'fields.Role', I would expect an identical chart, since I already applied a filter specifying 'fields.Role:Landmand' in the search. However, I see this.
This suddenly limits the unique count to approx. 150 users. I've tried with different fields and it seems to have the same behavior - as soon as I split the bar, I seem to limit the data somehow.
Any information is greatly appreciated.
It happens because it uses the cardinality aggregation to do the unique count. As it is explained in the link, the count is approximate and it has a % of error. Just do a quick test, try to copy the request and try with a different precision threshold to see the difference.
To set a custom precision_threshold you can use the advanced section and put a custom JSON Input to the aggregation:
If you go to the Request section, you can actually see that the threshold has been added to the cardinality aggregation.
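
As an added illustration (not part of the original question or answer), the request below shows where the threshold ends up when the Kibana JSON Input is `{ "precision_threshold": 1000 }`: the same cardinality aggregation is run once over the whole filtered set and once inside the `fields.Role` split, so the two counts can be compared from a single response. The index pattern `logstash-*`, the user field `fields.UserId` and the value 1000 are assumptions; the application filter from the question is omitted because its field is not given.

```console
# Added example, not taken from the original post.
# Assumed names: index pattern logstash-*, user field fields.UserId.
# fields.Role and the Landmand filter come from the question.
# 1000 is a constructed sample value for precision_threshold.
GET logstash-*/_search
{
  "size": 0,
  "query": {
    "query_string": {
      "query": "fields.Role:Landmand AND _exists_:fields.UserId"
    }
  },
  "aggs": {
    "unique_users_total": {
      "cardinality": {
        "field": "fields.UserId",
        "precision_threshold": 1000
      }
    },
    "by_role": {
      "terms": { "field": "fields.Role", "size": 5 },
      "aggs": {
        "unique_users": {
          "cardinality": {
            "field": "fields.UserId",
            "precision_threshold": 1000
          }
        }
      }
    }
  }
}
```

Comparing `unique_users_total.value` with `by_role.buckets[0].unique_users.value` at different thresholds shows how much of the gap between the two charts comes from the approximation.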
