I created a log parser that puts each parsed log line into Elasticsearch as a document with fields like timestamp, error_code, message.
Now, the problem is to display errors grouped by error_code, but for each error_code there should be the number of occurrences, the time of last occurrence (i.e. max timestamp) and an example of message (preferably the last one).
I know facets can be used to determine all unique error_codes and the total count of occurrences for each one. But how do I get timestamp and message?
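One way to get all three values in a single query, as an added example that is not part of the original post: facets have since been replaced by aggregations, and a `terms` aggregation on `error_code` with a `max` sub-aggregation on `timestamp` and a `top_hits` sub-aggregation (size 1, sorted by `timestamp` descending) returns the count, the last occurrence and the last message per bucket. The index name `logs`, the aggregation names (`by_error_code`, `last_seen`, `last_message`), the sample documents and the sample response are all constructed for this illustration; the field names are the ones the question describes. The `terms` aggregation assumes `error_code` is mapped as a non-analyzed keyword, otherwise the buckets are tokens rather than whole codes.

```python
"""Added example (not from the original post): an Elasticsearch aggregation
request that returns, per error_code, the occurrence count, the max timestamp
and the most recent message, plus a parser for the response and a local
reference implementation used to check that the parsed result is what the
raw documents imply. Index/aggregation names and all sample data are assumed."""
from __future__ import annotations

from typing import Any


def build_aggregation_query(max_codes: int = 100) -> dict[str, Any]:
    """Request body for GET /logs/_search (index name assumed).

    `size: 0` suppresses the ordinary hit list; everything we need comes back
    under `aggregations`. Buckets are ordered newest-occurrence first.
    """
    return {
        "size": 0,
        "aggs": {
            "by_error_code": {
                "terms": {
                    "field": "error_code",  # assumed mapped as keyword / not_analyzed
                    "size": max_codes,      # buckets beyond this are dropped, see buckets_truncated()
                    "order": {"last_seen": "desc"},
                },
                "aggs": {
                    "last_seen": {"max": {"field": "timestamp"}},
                    "last_message": {
                        "top_hits": {
                            "size": 1,
                            "sort": [{"timestamp": {"order": "desc"}}],
                            "_source": ["timestamp", "message"],
                        }
                    },
                },
            }
        },
    }


def parse_aggregation_response(resp: dict[str, Any]) -> list[dict[str, Any]]:
    """Flatten the aggregation response into one row per error_code."""
    rows = []
    for bucket in resp["aggregations"]["by_error_code"]["buckets"]:
        hits = bucket["last_message"]["hits"]["hits"]
        last = hits[0]["_source"] if hits else {}
        rows.append({
            "error_code": bucket["key"],
            "count": bucket["doc_count"],
            # `max` on a date field returns epoch millis in `value` and the
            # formatted date in `value_as_string`; prefer the readable form.
            "last_seen": bucket["last_seen"].get("value_as_string")
            or bucket["last_seen"]["value"],
            "message": last.get("message"),
        })
    return rows


def buckets_truncated(resp: dict[str, Any]) -> bool:
    """True if some error_codes did not fit into the requested number of buckets."""
    return resp["aggregations"]["by_error_code"]["sum_other_doc_count"] > 0


def group_locally(docs: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Reference implementation over raw documents: what the aggregation should yield.

    Timestamps are compared as strings, which is correct only because the
    constructed sample uses one fixed ISO-8601 UTC format.
    """
    groups: dict[str, dict[str, Any]] = {}
    for d in docs:
        g = groups.setdefault(
            d["error_code"],
            {"error_code": d["error_code"], "count": 0, "last_seen": None, "message": None},
        )
        g["count"] += 1
        if g["last_seen"] is None or d["timestamp"] > g["last_seen"]:
            g["last_seen"] = d["timestamp"]
            g["message"] = d["message"]
    return sorted(groups.values(), key=lambda g: g["last_seen"], reverse=True)


# Constructed sample documents (as the parser would index them).
SAMPLE_DOCS = [
    {"timestamp": "2024-03-01T10:15:00Z", "error_code": "E42", "message": "db timeout on orders"},
    {"timestamp": "2024-03-01T10:16:30Z", "error_code": "E7", "message": "auth failed for user bob"},
    {"timestamp": "2024-03-01T10:20:05Z", "error_code": "E42", "message": "db timeout on payments"},
    {"timestamp": "2024-03-01T10:12:00Z", "error_code": "E7", "message": "auth failed for user alice"},
    {"timestamp": "2024-03-01T09:00:00Z", "error_code": "E99", "message": "disk 91% full"},
]

# Constructed response, shaped as Elasticsearch returns it for the query above
# run over SAMPLE_DOCS (no real cluster involved).
SAMPLE_RESPONSE = {
    "hits": {"total": 5, "hits": []},
    "aggregations": {
        "by_error_code": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "E42", "doc_count": 2,
                 "last_seen": {"value": 1709288405000.0, "value_as_string": "2024-03-01T10:20:05Z"},
                 "last_message": {"hits": {"hits": [{"_source": {
                     "timestamp": "2024-03-01T10:20:05Z", "message": "db timeout on payments"}}]}}},
                {"key": "E7", "doc_count": 2,
                 "last_seen": {"value": 1709288190000.0, "value_as_string": "2024-03-01T10:16:30Z"},
                 "last_message": {"hits": {"hits": [{"_source": {
                     "timestamp": "2024-03-01T10:16:30Z", "message": "auth failed for user bob"}}]}}},
                {"key": "E99", "doc_count": 1,
                 "last_seen": {"value": 1709283600000.0, "value_as_string": "2024-03-01T09:00:00Z"},
                 "last_message": {"hits": {"hits": [{"_source": {
                     "timestamp": "2024-03-01T09:00:00Z", "message": "disk 91% full"}}]}}},
            ],
        }
    },
}

if __name__ == "__main__":
    for row in parse_aggregation_response(SAMPLE_RESPONSE):
        print(row)
```

Two caveats worth keeping in mind when running this against a real index: `doc_count` from a `terms` aggregation is computed per shard and merged, so on a multi-shard index with many distinct codes the counts for low-frequency buckets can be approximate (`doc_count_error_upper_bound` reports the bound), and any error_code that does not make it into the top `size` buckets is silently folded into `sum_other_doc_count`, which `buckets_truncated()` checks for.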