Hi,
I am creating a data table in canvas and was wondering if it is possible to do something similar to the 'top hit' metric you can do in the visualization, but in the canvas data table?
For example I have a field called message and I am wanting to get only the last timestamp value of that field and not show any of the previous values.
You can use something like this:
SELECT customer_gender, count(*), max(order_date) FROM "kibana_sample_data_ecommerce" GROUP BY customer_gender
Thank you for the quick reply @flash1293
That has helped but I need to add another field to it called UID which is a unique value that helps track each case's message.
But when adding that into the data table, I now get all the values for the message field again and not just the last value for each case. This is what I have tried below:
"SELECT UID, message , max(\"@timestamp\") as timestamp FROM "index"
group by message, uniqueIdentifier"}
If there are multiple uids, which one do you want to show? If you don't want to group by it, then you have to pick, just like in regular SQL
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.