Hi,

I have 4 records in the elasticsearch DB for the ddocname "CNT1882742" for the below query

Logstash elasticsearch query:

query => '{ "query": {"match": { "ddocname" :"CNT1882742"} }, "sort": ["@timestamp"] }'

Query output:

{"@timestamp":"2018-02-07T08:30:15.944Z","@version":"1","ddocname":"CNT1882742","ddoctitle":"VSNL_R12Upgrade_TECH_UPG_Resource_Mix-DAA1_V1.12.xls","did":4835074,"tags":["MYO Stage","data"]}
{"@timestamp":"2018-02-07T10:26:42.139Z","@version":"1","ddocname":"CNT1882742","ddoctitle":"VSNL_R12Upgrade_TECH_UPG_Resource_Mix-DAA1_V1.12.xls","did":4835074,"tags":["MYO Stage","data"]}
{"@timestamp":"2018-02-07T23:46:38.974Z","@version":"1","ddocname":"CNT1882742","ddoctitle":"VSNL_R12Upgrade_TECH_UPG_Resource_Mix-DAA1_V1.12.xls","did":4835074,"tags":["MYO Stage","data"]}
{"@timestamp":"2018-02-08T08:07:38.554Z","@version":"1","ddocname":"CNT1882742","ddoctitle":"VSNL_R12Upgrade_TECH_UPG_Resource_Mix-DAA1_V1.12.xls","did":4835074,"tags":["MYO Stage","data"]}

How to get only "one" record based on the "max timestamp" for the above. How to modify the query to achieve this ?

Expected output:
{"@timestamp":"2018-02-08T08:07:38.554Z","@version":"1","ddocname":"CNT1882742","ddoctitle":"VSNL_R12Upgrade_TECH_UPG_Resource_Mix-DAA1_V1.12.xls","did":4835074,"tags":["MYO Stage","data"]}

Make sure the sorting on @timestamp is in descending order and set the plugin's size option to 1.

It didnt work Magnusbaeck.

I tried this
query => '{ "query": {"match": { "ddocname" :"CNT1882742"} },"sort": {"@timestamp":{"order":"desc"}},"from":0,"size":1 }'

Still I m getting 4 results sorted based on timestamp in desc order.

I said "set the plugin's size option to 1". I didn't say anything about modifying the query.

Sorry about that.
If you dont mind, Can you tell me how to change the plugin's size?

It's a plugin option, just like query that you're already using. See the plugin documentation.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.