Kibana Dashboard, Get the last 10 elements of a specific index ignoring the specified time-range

Elastic Stack Kibana
1

Hi Guys,

I've created my own Kibana dashboard. In this dashobard I've added 3 "saved search" created by me.
Everything works fine. What I need to do now is to modify one of these "saved search" to be indipendet by the time range specified in the top-right corner. The output of the "saved search" should be the last N documents stored in the specified index (ignoring the time-range configured).

Is that possible?

Using the REST API I can write something like that:

GET /myindex-*/_search
{
   "size" : 3,
    "query": {
        "bool" : {
            "must" : {
                "match_all": {}
             },
              "filter": {
                  "range": {
                        "@timestamp": { "gt": "now-1y" }
                   }
              }
        }
    } 
}

I would like to create a search request to be added in my dashboard that reproduce the same query (better without specifying the range filter but to query the whole index to find the last 3 elements)

2

Hi @faustf,

Hmm, I can think of only about dedicated index-pattern that doesn't use timestamp (same index, no space impact), see option 2 here for details How to dissociate a visualization from timepicker

Best,
Oleg

3

Thanks, I tried and it works but how can I show only the last N documents?

4

Hmm, I was pretty sure that you could set the size property for saved search, but as per https://github.com/elastic/kibana/issues/4060 it's not supported right now. Unfortunately I can't think of any good workaround for that.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.