Hi,
Actually i store logs in Elastic. I would like to get all the last log collected from each host in Discover. If there is 20 differents hosts, the Discover have to show me 20 logs.
I think i can use Elasticsearch Query DSL in filter.
If anyone knows how to do this that would be great
Hi @GinkoLucas,
Have you tried performing Terms aggregation to bucket by hostname and then performing a subaggregation to get the max timestamp within each bucket? Within this aggregation, you should be able to specify an order based on the max timestamp and retrieve the latest document within each bucket.
Let me know if that works for you,
Thanks
Hi @GinkoLucas,
Here is a more detailed example in the docs: Top hits aggregation | Elasticsearch Guide [7.15] | Elastic
In that example, the documents are grouped by the field type and within each term bucket, the document with the latest sale date based on timestamp is retrieved. You can adapt the query to use the hostname field and then order by your timestamp field.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.