elasticsearch kibana kibana-6

Kibana return results where a specific field is unique


So I have been used to using GrayLog to build queries like this and am struggling to get my head around Kibana, so I need a few pointers to get me going.

I have an index that I want to search for various terms in a particular field. For example, I want to search the index for the term "MFA", and this term will be in the adaptorid field. This returns some results, so far so good, but I would like to filter this a little more.

One field in particular that is of interest is trackingid, in fact it is actually the only field that I care about. The results that are returned can return multiple duplicate trackingids for each matched adaptorid.

What I would like to do is dedupe the trackingid so that I can get a count of the unique trackingids. The adaptorid field really doesn't matter in the final results and is just used to identify a particular subset of trackingid fields from the index.


Solution

  • Assuming you are using Kibana 6.5+

    Go to Kibana -> Visualize -> click on the + icon -> select Data Table -> select your index -> under Metrics select the Unique Count aggregation and your field trackingid -> click on the Play icon |>

    This will give you the count of unique tracking IDs in your index. Now you can use Kibana's Add a Filter at the top to filter for MFA in adaptorid.
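
The Unique Count metric used in the answer above is Elasticsearch's `cardinality` aggregation. As an added example (not part of the original answer), the Python below builds the equivalent `_search` request body and checks the dedupe logic offline against constructed documents. The aggregation name `unique_ids` and the sample values are assumptions, and `trackingid` is assumed to be mapped as an aggregatable (keyword) field.

```python
import json


def unique_count_request(filter_field, phrase, count_field, precision_threshold=3000):
    """Body for POST <index>/_search: filter first, then count distinct values."""
    return {
        "size": 0,  # return no documents, only the aggregation result
        "query": {"bool": {"filter": [{"match_phrase": {filter_field: phrase}}]}},
        "aggs": {
            "unique_ids": {  # hypothetical aggregation name
                "cardinality": {
                    "field": count_field,
                    # cardinality is approximate (HyperLogLog++);
                    # a higher threshold trades memory for accuracy
                    "precision_threshold": precision_threshold,
                }
            }
        },
    }


def exact_unique_count(docs, filter_field, phrase, count_field):
    """Offline reference: (matching documents, distinct count_field values)."""
    wanted = phrase.lower()
    matched = [d for d in docs if wanted in d.get(filter_field, "").lower().split()]
    return len(matched), len({d[count_field] for d in matched if count_field in d})


# Constructed sample documents, not taken from the original question
SAMPLE_DOCS = [
    {"adaptorid": "MFA", "trackingid": "t-001"},
    {"adaptorid": "MFA", "trackingid": "t-001"},
    {"adaptorid": "MFA", "trackingid": "t-002"},
    {"adaptorid": "LDAP", "trackingid": "t-003"},
    {"adaptorid": "MFA", "trackingid": "t-002"},
    {"adaptorid": "MFA", "trackingid": "t-004"},
]

if __name__ == "__main__":
    print(json.dumps(unique_count_request("adaptorid", "MFA", "trackingid"), indent=2))
    hits, unique = exact_unique_count(SAMPLE_DOCS, "adaptorid", "MFA", "trackingid")
    print(f"{hits} matching documents, {unique} unique trackingid values")
```

The printed body can be pasted into Kibana Dev Tools after a `POST <your-index>/_search` line; the hit total in the response is the raw match count, while the aggregation value is the deduplicated one.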