Currently I am exporting (once per hour) certificate expiration data to Elasticsearch and visualizing it with Kibana. So far so good, but I can't figure out how to properly display certificates that are within 30 days of expiring without also showing expired certificates.

The approach I currently have is to visualize using a data table and use a Top Hit aggregation on the field days_before_expire, sorted on timestamp, aggregated with concat, size 1. Rows are split on the certificate name.

This results in one entry per certificate (its latest available document in Elasticsearch) in the table. But what I would like to do is filter out the expired certificates, i.e. certificates where days_before_expire is < 0.

If I do this as a Kibana filter (under the search), this results in (to me) unexpected behavior: the displayed days_before_expire will be non-negative, but it is not guaranteed to be the most recent value (as the negative values are filtered out).

Can someone elaborate on how to avoid this behavior? The example doesn't stand on its own, as I encounter this challenge often when using the Top Hit aggregation.
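The effect described in the question, reproduced on constructed data as an added example (this is not code from the original post or from Elastic). A Kibana filter runs before the Top Hit selection, so for an expired certificate the filter discards the latest (negative) document and the Top Hit then returns an older, still non-negative value. The block contrasts that order with "select latest first, then filter", and emits one Elasticsearch query body that gets the same result by restricting the search to the most recent export run. The field names mirror the post; the index field `name.keyword`, the document set and the `now-1h` window are assumptions.

```python
"""Added example: why filtering before a Top Hit shows stale values,
and an order of operations that avoids it. All documents are constructed."""
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

# Constructed hourly export documents (field names as in the question):
# api.* expired at the last export, vpn.* is within 30 days, old.* is not.
DOCS = [
    {"name": "api.example.test", "timestamp": NOW - timedelta(hours=2), "days_before_expire": 1},
    {"name": "api.example.test", "timestamp": NOW - timedelta(hours=1), "days_before_expire": 0},
    {"name": "api.example.test", "timestamp": NOW,                      "days_before_expire": -1},
    {"name": "vpn.example.test", "timestamp": NOW - timedelta(hours=1), "days_before_expire": 13},
    {"name": "vpn.example.test", "timestamp": NOW,                      "days_before_expire": 12},
    {"name": "old.example.test", "timestamp": NOW - timedelta(hours=1), "days_before_expire": 70},
    {"name": "old.example.test", "timestamp": NOW,                      "days_before_expire": 69},
]


def latest_per_cert(docs):
    """Emulate 'Top Hit, size 1, sorted on timestamp desc, rows split on name'."""
    latest = {}
    for d in docs:
        cur = latest.get(d["name"])
        if cur is None or d["timestamp"] > cur["timestamp"]:
            latest[d["name"]] = d
    return latest


def expiring_soon(doc, window_days=30):
    """Not yet expired and within the warning window."""
    return 0 <= doc["days_before_expire"] <= window_days


def filter_then_top_hit(docs, window_days=30):
    """What a Kibana filter does: the filter is applied before the Top Hit,
    so an expired certificate's older non-negative document is selected."""
    kept = [d for d in docs if expiring_soon(d, window_days)]
    return {n: d["days_before_expire"] for n, d in latest_per_cert(kept).items()}


def top_hit_then_filter(docs, window_days=30):
    """Select the latest document per certificate first, then filter:
    expired certificates drop out instead of showing a stale value."""
    latest = latest_per_cert(docs)
    return {n: d["days_before_expire"] for n, d in latest.items()
            if expiring_soon(d, window_days)}


def es_query(export_interval_hours=1, window_days=30):
    """Assumed Elasticsearch _search body: because the export runs once per
    interval, limiting the time range to the latest run leaves one document
    per certificate, so the range filter and the top_hits agree. Field and
    index mapping names (name.keyword) are assumptions."""
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"range": {"timestamp": {"gte": f"now-{export_interval_hours}h"}}},
            {"range": {"days_before_expire": {"gte": 0, "lte": window_days}}},
        ]}},
        "aggs": {"per_cert": {
            "terms": {"field": "name.keyword", "size": 1000},
            "aggs": {"latest": {"top_hits": {
                "size": 1,
                "sort": [{"timestamp": {"order": "desc"}}],
                "_source": ["name", "days_before_expire", "timestamp"],
            }}},
        }},
    }


if __name__ == "__main__":
    print("filter then top hit:", filter_then_top_hit(DOCS))  # api shows stale 0
    print("top hit then filter:", top_hit_then_filter(DOCS))  # api is gone
```

The time-window approach has a caveat worth checking in the dashboard: if one export run fails or is late, certificates missing from the latest window silently disappear from the table rather than showing their last known value, so pair it with a separate count of certificates seen per run.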