How to retrieve unique count of a field using Kibana + Elastic Search

elasticsearch logstash kibana

Afsheen Khosravian · Sep 30, 2013 · Viewed 120.8k times · Source

Is it possible to query for a distinct/unique count of a field using Kibana? I am using elastic search as my backend to Kibana.

If so, what is the syntax of the query? Heres a link to the Kibana interface I would like to make my query: http://demo.kibana.org/#/dashboard

I am parsing nginx access logs with logstash and storing the data into elastic search. Then, I use Kibana to run queries and visualize my data in charts. Specifically, I want to know the count of unique IP addresses for a specific time frame using Kibana.

Answer

For Kibana 4 go to this answer

This is easy to do with a terms panel:

Adding a terms panel to Kibana

If you want to select the count of distinct IP that are in your logs, you should specify in the field clientip, you should put a big enough number in length (otherwise, it will join different IP under the same group) and specify in the style table. After adding the panel, you will have a table with IP, and the count of that IP:

Table with IP and count

How to retrieve unique count of a field using Kibana + Elastic Search

Answer

Related questions