@anelson-edge unfortunately the standard "data table" visualization doesn't support the bucket_script aggregation and we're tracking support for this here. If you can give this a +1, it'll help us prioritize it appropriately.
We can get most of the way there using a standard data-table visualization:
Well, the data is time series, but I only want the last event (based on the timestamp) for any given alert (alert-key).
And then I only want those last events if the last event is in the firing state.
I think it's a builtin assumption to "Time Series" Visual Builder that I have a time-series for the output (not just the input).
That said, I did learn a new trick from your "most of the way there" example.
Thank you for responding.
I will learn some more Vega, but unfortunately there are known issues with the Kibana Vega integration (no scrollbars, no vega 5 support yet) that make Vega not quite perfect.