Kibana Dashboard, Get the last 10 elements of a specific index ignoring the specified time-range

faustf · November 15, 2018, 10:52am

Hi Guys,

I've created my own Kibana dashboard. In this dashobard I've added 3 "saved search" created by me.
Everything works fine. What I need to do now is to modify one of these "saved search" to be indipendet by the time range specified in the top-right corner. The output of the "saved search" should be the last N documents stored in the specified index (ignoring the time-range configured).

Is that possible?

Using the REST API I can write something like that:

GET /myindex-*/_search
{
   "size" : 3,
    "query": {
        "bool" : {
            "must" : {
                "match_all": {}
             },
              "filter": {
                  "range": {
                        "@timestamp": { "gt": "now-1y" }
                   }
              }
        }
    } 
}

I would like to create a search request to be added in my dashboard that reproduce the same query (better without specifying the range filter but to query the whole index to find the last 3 elements)

azasypkin · November 15, 2018, 2:33pm

Hi @faustf,

Hmm, I can think of only about dedicated index-pattern that doesn't use timestamp (same index, no space impact), see option 2 here for details How to dissociate a visualization from timepicker

Best,
Oleg

faustf · November 15, 2018, 3:33pm

Thanks, I tried and it works but how can I show only the last N documents?

azasypkin · November 15, 2018, 4:34pm

Hmm, I was pretty sure that you could set the size property for saved search, but as per https://github.com/elastic/kibana/issues/4060 it's not supported right now. Unfortunately I can't think of any good workaround for that.

system · December 13, 2018, 4:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.