How To Show Console Search In Discovery

Hello,
I have a GET _search that I wrote in the console. It does what I want it to; however, I am not sure how to display it.

Kibana version is 6.3.2
Elasticsearch version is 6.3.2

I have a single index, filled with a stream of timestamped documents representing alarm messages. Each message is for a specific process variable. A new message does not indicate a "new" alarm, so much as an update to the alarm state for the process variable. So to get the latest alarm for each process variable, I wrote the following search in the console. It worked as intended and retrieves what I want. However, I cannot figure out how to display the data it retrieved. I would like to simply list the documents it retrieves from the index in the discovery table, but I have not figured out a way to do that.

GET _search
{
  "size": 0,
  "aggs": 
  {
    "latest_alarms" :
    {
      "terms" :
      {
        "field" : "config",
        "size" : "100000",
        "order" :
        {
          "newest" : "desc"
        }
      },
      "aggs" : 
      {
        "newest" :
        {
          "max" : 
          {
            "field": "time"
          }
        }
      }
    }
  }
}

This may be easier to do if this same result could be reproduced in a query or filter. That way it could be put in the search bar or in the JSON field of the filter.

I was able to recreate this in the datatable, so the search is no longer necessary.

Using Max Bucket, with the bucket as the date range, and the metric as max of the time field.

Splitting the row and then aggregating on the "pv" term allowed me to get the latest documents for each "pv".

Awesome, thanks for the followup.

To provide a little more info, you can throw a raw query in the discover search bar, but it won't be happy with aggregations. It's looking for raw documents.
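As an added illustration (not part of this thread), a small Python model of the two result shapes involved: the posted terms + max aggregation yields buckets that each hold one number, while Discover lists hits, so the "latest per process variable" documents have to be selected as documents. The alarm messages below are constructed sample data, not the poster's index.

```python
# Constructed sample alarm messages: each document carries the process
# variable in "config" and an update timestamp in "time" (integers here
# for simplicity; real documents would carry date values).
ALARMS = [
    {"config": "PV1", "time": 1, "state": "MAJOR"},
    {"config": "PV1", "time": 3, "state": "OK"},
    {"config": "PV2", "time": 2, "state": "MINOR"},
    {"config": "PV2", "time": 5, "state": "MAJOR"},
    {"config": "PV3", "time": 4, "state": "OK"},
]


def terms_max_aggregation(docs, term_field="config", time_field="time"):
    """Mimic the posted terms aggregation with a nested max sub-aggregation:
    one bucket per term value, ordered by the max time descending.
    Note that only a key, a count and a number survive; no document does."""
    newest, counts = {}, {}
    for d in docs:
        key = d[term_field]
        counts[key] = counts.get(key, 0) + 1
        newest[key] = max(newest.get(key, float("-inf")), d[time_field])
    ordered = sorted(newest.items(), key=lambda kv: kv[1], reverse=True)
    return [
        {"key": k, "doc_count": counts[k], "newest": {"value": v}}
        for k, v in ordered
    ]


def latest_documents(docs, term_field="config", time_field="time"):
    """Select the actual most recent document per process variable, which
    is the shape Discover can display (whole hits, newest first)."""
    latest = {}
    for d in docs:
        key = d[term_field]
        if key not in latest or d[time_field] > latest[key][time_field]:
            latest[key] = d
    return sorted(latest.values(), key=lambda d: d[time_field], reverse=True)
```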

Ah, that makes sense.

Thanks
