Is it possible to limit the number of results returned from a discover search? For example I just want the last event indexed for a particular field.
I was able to do this in a visualization by taking the max @timestamp and then bucket -> Split rows by Term but it would return a table that included both @timestamp AND term. I just want the term.
Thanks!
I think I understand what you're shooting for.
If you go into the Management section, and select Advanced Settings, there is a 'discover:sampleSize' setting. Change that to 1.
Does that accomplish that you want?
I thought about that option but won't the result be all of my discover searches returning only 1 event? I was hoping to save specific searches that only return 1 event (the latest indexed) and the rest return the normal settings amount.
Unfortunately I don't think there is a more clean way to accomplish what you're looking for. 
There is a current feature request for this, although I don't think it's high on the priority list at the moment. Feel free to weigh in there!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.