How can I get all the fields and rows of the most recent write from Elastic with essql?

jaffarkazi · June 18, 2020, 5:33am

I have employee records, (say name, dob, address) and a timewritten field, which is time converted to seconds.
This data is written to my index every 5 seconds. Suppose there are 5 records.
Run 1 will write employee records with timewritten as 10 for example.
Run 2, after 5 seconds, will write employee records with timewritten as 15.
And so on.

What is the SQL I can use to get all records of the most recent (max) timewritten?
I'm trying this on Kibana Canvas, where JOINs and IN is seemingly not supported.

AClerk · June 18, 2020, 6:16am

Hey,
You can try using the following

essql
query="SELECT ...
FROM index_1
WHERE ...
ORDER BY timestamp DESC"
| math "first(employee_unique_identifier)"
| render

jaffarkazi · June 18, 2020, 6:32am

As I said, ALL the records with all fields of that single timewritten value, not a single one. And definitely not a single field.

system · July 16, 2020, 6:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.