Hi,
Would like to know how to query for the most current timestamp and display on dashboard.
Best regards
1 Like
The actual query would be something like
GET _search
{
"size": 0,
"aggs": {
"most_recent": {
"max": {
"field": "@timestamp"
}
}
}
}
This translates directly into the aggregation you'd configure for a metric visualisation.
Hi Magnus,
Thanks.
I tried to use the query at Kibana Dev Tool and received this error
{ "took": 23, "timed_out": false, "_shards": { "total": 26, "successful": 26, "skipped": 0, "failed": 0 }, "hits": { "total": 13, "max_score": 0, "hits": [] }, "aggregations": { "most_recent": { "value": null } } }
When i search using the full search
GET _search { "query": { "match_all": {} } }
I have this index customer with timestamp which I need to retrieve the latest timestamp
{
"_index": "customer",
"_type": "type1",
"_id": "iyBNkGMBMi0XPkSP1tgf",
"_score": 1,
"_source": {
"Connect": "Y",
"Timestamp": "2018-05-24 09:00:00"
}
}
]
}
The timestamp field in your data model is called Timestamp. Try replacing @timestamp in the example query with the actual field name.
Ok, I changed to Timestamp but the result did not display the latest timestamp
GET _search { "size": 0, "aggs": { "most_recent": { "max": { "field": "Timestamp" } } } }
Result
{ "took": 5, "timed_out": false, "_shards": { "total": 21, "successful": 21, "skipped": 0, "failed": 0 }, "hits": { "total": 12, "max_score": 0, "hits": [] }, "aggregations": { "most_recent": { "value": 1527152400000 } } }
The most recent value 1527152400000 translates into 2018-05-24 09:00:00 from your example. What makes you think that this is not the latest time stamp?
Hi Magnus,
Yes I did not get it till you pointed out this is Unix Epoch value.
Thanks so much for the help.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.