I am pretty new to ELK.
I want to use the elasticsearch filter plugin in Logstash to query events in Elasticsearch in order to do some operations between previous log events and the current log event. I followed the tutorial: https://www.elastic.co/guide/en/logstash/current/plugins-filters-elasticsearch.html . I have to use the attribute 'query' in order to get the previous log events corresponding to a specific device. However, I just want to get back the last log event registered in Elasticsearch. I would like to know if I can do that with the attribute 'sort' (and maybe the argument size). And if yes, how to do it (the tutorial does not explain how).
I would be very thankful for any help.
Thank you in advance.
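As an added example (not part of the original post), here is a Logstash pipeline fragment showing the elasticsearch filter restricted to the single most recent matching event. In this plugin, `sort` takes the Elasticsearch URI sort syntax (`field:direction`, comma-separated for several keys) and defaults to `@timestamp:desc`; the number of hits returned is controlled by `result_size`, which defaults to 1. So the default settings already return only the newest match, but both are written out here so the behaviour is explicit. The host, the index pattern `devices-*`, the field names `device_id` and `status`, and the target field names are assumptions for illustration:

```conf
# Added example (not from the original post). Assumptions: Elasticsearch on
# localhost:9200, events indexed under "devices-*", each event carrying a
# "device_id" field and a "status" field, timestamps in "@timestamp".
filter {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "devices-*"
    # Lucene query-string syntax; %{[device_id]} is expanded from the current
    # event. The @timestamp range clause is a guard against the current event
    # having already been indexed (for example after a retry): only strictly
    # older events are returned.
    query => "device_id:%{[device_id]} AND @timestamp:<%{[@timestamp]}"
    # Newest hit first. This is the plugin default, stated explicitly.
    sort => "@timestamp:desc"
    # Return only the single most recent hit (also the default).
    result_size => 1
    # Copy fields from that hit into the current event under new names,
    # so later filters can compare previous and current values.
    fields => {
      "status"     => "previous_status"
      "@timestamp" => "previous_timestamp"
    }
    # Tag the event instead of dropping it if the lookup fails, so failures
    # are visible in the output rather than silent.
    tag_on_failure => ["_elasticsearch_lookup_failure"]
  }
}
```

If no earlier event exists for the device, the target fields are simply not set, so any filter that consumes `previous_status` or `previous_timestamp` should check for their presence first (for example with `if [previous_status] { ... }`). To return several recent events instead of one, raise `result_size`; the hits are then delivered in the order given by `sort`.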