I worked with canvas a little and I guess this is what I learned.
-
Does canvas pulls all the data from index or is it timebound? If it is timebound then what is the default value for time duration for which it pulls data by default?
Ans : By default. It processes all the data. Elasticsearch Raw Docs and Elasticsearch SQL both the inputs will process all data present in mentioned index if the query asks for all documents, If specific field is mentioned to fetch the values for then it limits the output, mu guess is to 1000 entries.
Best way to pull data for specific time is to use timefilter using expression editor. -
Event though I add a time filter element and select a time period as 24 hrs, it still show maximum metric value as 1000. Why is that?
Ans: This looks like a default behavior when specific fields are queried. -
Does it use HyperLog++ algorithm like Elasticsearch cardinality aggregation to calculate possible unique values?
Ans : Not sure still. -
Is it at all possible to show count of unique values if there is such high variation in data?
Ans: I havn't found a way to show unique values for a specific fields as it always returns maximum of 1000 values.