Hello there, I am having some trouble getting the most recent event from my GET request. Here is the curl that I am using:
curl localhost:9200/packetbeat-2017.01.26/_search?pretty=true -d '
{
  "query": {
    "match_all": {}
  },
  "size": 1,
  "sort": [{
    "@timestamp": {
      "order": "desc"
    }
  }]
}'
This ALWAYS returns the same thing. I also tried in ascending order, and I really don't know what the deal with this is. All that I want is the info from the most recent event to happen. Please help me out.
SOLVED: I needed an '@' symbol instead of an "_" in front of the "timestamp" field.
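The root cause in this thread is a sort on a field name that does not exist in the documents, so the sort never changes the result. The following Python is an added example (not code from the poster or from Packetbeat) that builds the same "newest document" request body and, before sending it, checks the sort field against the index mapping. The mapping dict is a constructed sample of the shape `GET /<index>/_mapping` returns; the helper names (`mapped_fields`, `latest_event_query`, `build_latest_event_request`) are this example's own.

```python
import json

# Constructed sample of what GET /packetbeat-2017.01.26/_mapping might return.
# Only the shape matters here: index -> mappings -> type -> properties -> field.
SAMPLE_MAPPING = {
    "packetbeat-2017.01.26": {
        "mappings": {
            "flow": {
                "properties": {
                    "@timestamp": {"type": "date"},
                    "source": {
                        "properties": {
                            "ip": {"type": "ip"},
                            "port": {"type": "long"},
                        }
                    },
                    "type": {"type": "keyword"},
                }
            }
        }
    }
}


def mapped_fields(mapping):
    """Return the set of dotted field names found in a _mapping response."""
    fields = set()

    def walk(properties, prefix):
        for name, spec in properties.items():
            path = f"{prefix}{name}"
            fields.add(path)
            if "properties" in spec:  # object field: recurse into its children
                walk(spec["properties"], path + ".")

    for index in mapping.values():
        for doc_type in index.get("mappings", {}).values():
            walk(doc_type.get("properties", {}), "")
    return fields


def latest_event_query(sort_field="@timestamp", size=1):
    """Build the request body that returns the `size` newest documents."""
    return {
        "query": {"match_all": {}},
        "size": size,
        "sort": [{sort_field: {"order": "desc"}}],
    }


def build_latest_event_request(mapping, sort_field="@timestamp", size=1):
    """Validate the sort field against the mapping, then return the body as JSON text.

    Raises ValueError when the field is not mapped, which is the mistake in the
    thread: sorting on "_timestamp" while the documents carry "@timestamp".
    """
    fields = mapped_fields(mapping)
    if sort_field not in fields:
        raise ValueError(
            f"sort field {sort_field!r} is not mapped; known fields: {sorted(fields)}"
        )
    return json.dumps(latest_event_query(sort_field, size), indent=2)


if __name__ == "__main__":
    # Correct field: prints the body you would pass to curl's -d.
    print(build_latest_event_request(SAMPLE_MAPPING))
    # Wrong field: caught locally instead of silently returning the same hit every time.
    try:
        build_latest_event_request(SAMPLE_MAPPING, "_timestamp")
    except ValueError as err:
        print("rejected:", err)
```

Fetch the real mapping with `curl localhost:9200/packetbeat-2017.01.26/_mapping`, load it with `json.load`, and pass it in place of `SAMPLE_MAPPING`; a typo in the sort field then fails fast rather than producing a stable but meaningless result.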