Basically I want to select the latest metricbeat record for each metric and then filter the results.
A naive approach filters all the results and then chooses the latest match.
So, for example, an API call which errors at 13:00 and recovers at 14:00 will have the 13:00 record match the filter and be returned, where we want the 14:00 record to be returned and then filtered out so that no result for that API is shown.
It seems possible to do in Elastic with post_filter, but I can't see how to achieve it in Kibana.
Hey @_ewan, it's not possible to currently use the post_filter with the Kibana "normal" visualizations. You could use the Vega Visualization because in this situation you have full control over the query which is sent to Elasticsearch, but it's significantly more effort than using the "normal" Visualizations.
It'd be great if you could open up a feature request for this to be added to the normal visualizations.
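The two orderings described in the question, shown side by side as an added Python example that is not part of the original thread. The record fields (`metric`, `ts`, `status`) and the sample data are constructed for illustration, and the code runs in memory rather than querying Elasticsearch.

```python
from datetime import datetime

# Constructed sample records (hypothetical field names, not real metricbeat
# output): api-a errors at 13:00 and recovers at 14:00, api-b is failing now.
RECORDS = [
    {"metric": "api-a", "ts": "2024-01-01T13:00:00", "status": "error"},
    {"metric": "api-a", "ts": "2024-01-01T14:00:00", "status": "ok"},
    {"metric": "api-b", "ts": "2024-01-01T13:30:00", "status": "ok"},
    {"metric": "api-b", "ts": "2024-01-01T14:05:00", "status": "error"},
    {"metric": "api-c", "ts": "2024-01-01T13:45:00", "status": "ok"},
]


def parse_ts(record):
    """Parse the record's ISO-8601 timestamp so comparisons are chronological."""
    return datetime.fromisoformat(record["ts"])


def is_error(record):
    """The filter applied in both orderings."""
    return record["status"] == "error"


def latest_per_metric(records):
    """Return {metric: newest record} across whatever records are passed in."""
    latest = {}
    for rec in records:
        key = rec["metric"]
        if key not in latest or parse_ts(rec) > parse_ts(latest[key]):
            latest[key] = rec
    return latest


def filter_then_latest(records, predicate):
    """Naive order: filter first, then keep the newest *matching* record."""
    return latest_per_metric(r for r in records if predicate(r))


def latest_then_filter(records, predicate):
    """Wanted order: keep the newest record per metric, then apply the filter."""
    newest = latest_per_metric(records)
    return {k: r for k, r in newest.items() if predicate(r)}


if __name__ == "__main__":
    print("filter then latest:", sorted(filter_then_latest(RECORDS, is_error)))
    print("latest then filter:", sorted(latest_then_filter(RECORDS, is_error)))
```

With the naive order the recovered `api-a` still appears because its stale 13:00 error matches the filter; with the wanted order only `api-b` remains.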