I have logs with the fields:
Each log shows the time (timestamp) the URI was visited. The SessionId is a field I created by concatenating IP with Timestamp (without the minutes or seconds). That is, all the logs belonging to the same day and hour are grouped into the same SessionId.
IP Timestamp URI SessionId
188.8.131.52 December25th2017T08:30:00 google.com 184.108.40.206_25-12-2017_8
220.127.116.11 December25th2017T08:45:00 youtube.com 18.104.22.168_25-12-2017_8
22.214.171.124 December25th2017T09:30:00 facebook.com 126.96.36.199_25-12-2017_9
188.8.131.52 December25th2017T09:58:00 youtube.com 184.108.40.206_25-12-2017_9
220.127.116.11 December30th2017T15:20:00 yahoo.com 18.104.22.168_30-12-2017_15
22.214.171.124 December30th2017T15:30:00 elastic.com 126.96.36.199_30-12-2017_15
188.8.131.52 December30th2017T15:58:00 youtube.com 184.108.40.206_30-12-2017_15
220.127.116.11 December30th2017T09.35:00 bing.com 18.104.22.168_30-12-2017_9
22.214.171.124 December30th2017T09.59:00 google.com 126.96.36.199_30-12-2017_9
Now, I need to know the top URI that were the last ones to be visited in the sessions.
That is, for the example above:
-> “youtube.com” was the last URI visited in the following sessions:
-> “google.com” was the last URI visited in the following session:
Therefore, I need a visualization/query that indicates something like:
So far, I’ve managed to get the last visited URL’s for each session by doing a terms aggregation on session_id and then a top_hits aggregation on timestamp.
The problem is that I can’t group them by URL (to compute the count for each URL) because top_hits aggregation doesn’t allow any subaggregations…
How can I solve this?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.