Grouping on elasticsearch value and show latest value

Grafana Elasticsearch
1

I have a pipeline to ingest data into elasticsearch with the following GROK pattern…

  "grok": {
    "field": "message",
    "patterns": ["%{NOTSPACE:ProjectCode},%{DATA:ECVersion},%{DATA:Date},%{INT:TotalPatients:int},%{INT:TotalUsers:int}"]
  },
  "date": {
    "field" : "Date",
    "formats" : ["yyyy/MM/dd hh:mm"]
  }

I would like to create a bar chart based on the latest value received in the TotalUsers field, grouped on the project code.

Any help would be appreciated.

Garry

2

Hey. There’s no support in Grafana for es query latest value received in the <some> field. You would do a regular time series query in Grafana, i.e. group by date histogram, group by terms “project code” and then an average/min/max/count aggregation as metric. This will give you an aggregated view over time and per project code.