I have a request related logs in document, like:
request_idrequest_current_execution_time_ms- it stores milliseconds from the beginning of request execution to the moment of log is writtenrequest_urlrequest_methodresponse_statusrequest_id_url- this one is Scripted field of type URL, so clicking by that field it'll open discovery tab and show only logs related to specific request
What I want to do is to build a table where I want to list N last requests, group by request id, so basically my metric for data table is request_id Unique count.
In the table i want to show multiple rows:
request_id_url- so we can click from the table and see all the logs related to particular urlrequest_urlrequest_method- and
request_current_execution_time_ms
But as request_current_execution_time_ms is can be many values for each log per request I add a filter by special log message request_sent to take only last log per request AKA full request execution time.
So I can build table by adding either request_id_url and request_url OR request_id_url and request_method OR request_id_url and request_current_execution_time_ms but can't add them all together, I'm simply getting error error while executing search... I think issue is that for each row it require own aggregation, but can I relay on other row aggregation and just show value I want? Or maybe I'm doing something else incorrectly?