Hi,
Would appreciate some assistance.
I need a way to return the last 10 or so documents which contain data in a specified field.
See sample documents below:
The field I need to retrieve the values from is the "captured_data" field in the second document.
Not all my documents will have that field, only some will... I need a way to return, say, the last 10 documents which actually have that field.
Many thanks!
{
  "_index": "user_data-2017.03.03",
  "_type": "logs",
  "_id": "AVqVJw5rXDJ0YRPIx7dN",
  "_score": 1,
  "_source": {
    "message": "action = standard\t[MsgId: MMSG-17999]\r",
    "@version": "1",
    "@timestamp": "2017-03-03T17:10:40.714Z",
    "host": "redpart-667a",
    "path": "04_253.log",
    "handler": "unknown",
    "run": "442",
    "endpoint": "unknown",
    "id": "253",
    "directive": 0,
    "run_type": "not_assigned",
    "last_code": "11751",
    "iteration": "0",
    "site": "fall"
  }
},
{
  "_index": "user_data-2017.03.03",
  "_type": "logs",
  "_id": "AVqVJw5rXDJ0YRPIx7dN",
  "_score": 1,
  "_source": {
    "message": "action = standard\t[MsgId: MMSG-17999]\r",
    "@version": "1",
    "@timestamp": "2017-03-03T17:10:40.714Z",
    "host": "redpart-667a",
    "path": "04_253.log",
    "handler": "unknown",
    "run": "442",
    "endpoint": "unknown",
    "id": "253",
    "directive": 0,
    "captured_data": "1786tg7812b2",
    "run_type": "not_assigned",
    "last_code": "11751",
    "iteration": "0",
    "site": "fall"
  }
}
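
One way to express the request above, as an added example that is not part of the original post: an `exists` filter on "captured_data", sorted newest-first on "@timestamp" and capped at 10 hits. The function names, the constructed sample hits and the `user_data-*` index pattern (inferred from the index name shown) are assumptions; the local filter only approximates how the `exists` query treats missing values.

```python
import json

def last_docs_with_field_query(field, size=10, time_field="@timestamp"):
    """Search body: only documents where `field` exists, newest first."""
    return {
        "size": size,
        "sort": [{time_field: {"order": "desc"}}],
        "query": {"bool": {"filter": [{"exists": {"field": field}}]}},
    }

def apply_locally(hits, body):
    """Offline approximation of the body above, to check expectations."""
    field = body["query"]["bool"]["filter"][0]["exists"]["field"]
    time_field = next(iter(body["sort"][0]))
    # `exists` skips documents where the field is absent, null or an empty array.
    matched = [h for h in hits if h["_source"].get(field) not in (None, [])]
    # ISO-8601 UTC timestamps sort correctly as plain strings.
    matched.sort(key=lambda h: h["_source"][time_field], reverse=True)
    return matched[: body["size"]]

# Constructed sample hits modelled on the documents in the post (ids and values invented).
SAMPLE_HITS = [
    {"_id": "doc-1", "_source": {"@timestamp": "2017-03-03T17:10:40.714Z", "run": "442"}},
    {"_id": "doc-2", "_source": {"@timestamp": "2017-03-03T17:11:02.100Z",
                                 "captured_data": "1786tg7812b2"}},
    {"_id": "doc-3", "_source": {"@timestamp": "2017-03-03T17:12:15.000Z",
                                 "captured_data": None}},
    {"_id": "doc-4", "_source": {"@timestamp": "2017-03-03T17:13:59.250Z",
                                 "captured_data": "sample-value-2"}},
]

if __name__ == "__main__":
    body = last_docs_with_field_query("captured_data")
    # Send this body as the request to user_data-*/_search (index pattern assumed).
    print(json.dumps(body, indent=2))
    for hit in apply_locally(SAMPLE_HITS, body):
        print(hit["_id"], hit["_source"]["captured_data"])
```
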