Keeping only latest "Date Histogram" aggregation in a datatable

Elastic Stack Kibana
5

Actually, I've asked another question to compute a % ratio between the valid data and error ones and first wanted to display it in a Datatable before seeing in that forum that this was impossible (to create a column with computed information).
So I've created this graph and as you can see in the following monthly graph (aggregated on days), I don't have data every days:
image

So for the moment, the workaround I've found in order to have the values displayed in a table, is to do the following Data configuration:

  • Aggregation: Sum
  • Field: times

Buckets:

  • Split Rows
    • Aggregation: Terms
    • Field: from_host.keyword
    • Order By: Term
    • Order: Descending / Size: 30
    • Custom Label: From Host
  • Split Table (Rows)
    • Aggregation: Date Histogram
    • Field: @timestamp
    • Interval: Daily
    • JSON Input: {"order": {"_key": "desc"}}
    • Custom Label: Day
  • Split Table (Columns)
    • Sub Aggregation: Filters
    • Filter 1 - Valids: type.keyword:valid
    • Filter 2 - Errors: type.keyword:error
    • Order: Descending / Size: 5

I now have the following table:

+-----------------------------------------------------+
| 2018-02-07: Day                                     |
+--------------------------+--------------------------+
| Valids: filters          | Errors: filters          |
+-----------+--------------+-----------+--------------+
| From Host | Sum of times | From Host | Sum of times |
+-----------+--------------+-----------+--------------+
| host1     | 54           | host1     | 1            |
| host2     | 72           | host1     | 8            |
| ...       | ...          | ...       | ...          |
+-----------+--------------+-----------+--------------+
| 2018-02-06: Day                                     |
+--------------------------+--------------------------+
| Valids: filters          | Errors: filters          |
+-----------+--------------+-----------+--------------+
| From Host | Sum of times | From Host | Sum of times |
+-----------+--------------+-----------+--------------+
| ...       | ...          | ...       | ...          |

My ideal would be to simply display a % ratio between valids and errors and only display the data for the latest day for which I have data... it seems impossible for the ratio, but perhaps it is for the "keep only latest day for which we have data" requirement?