Using Logstash I have JSON docs that gets stored into Elastic Search every minute with the most current timestamp, and with c1 being the count of rows returned by a SQL Query.
Using Kibana and the following Query string, i'm able to fetch all the JSON docs persisted into Elastic search associated with the type testuser1-counts.
type:"testuser1-counts"
However what Query string can I use in Kibana to fetch the one JSON doc with the latest timestamp, that way I have access to the latest c1 count?
Kibana query string is based on Lucene query syntax, or you can also use the "filters" part of Elasticsearch Query DSL. Neither would give you the ability to run a function and determine a "max" value, for that you need aggregations. In Kibana 4, aggregations are exposed using the vis builder, so here is one way to display a max date.
Unfortunately, since at this time there is no way to filter for documents with max date, there is no way to display a value at max date. We are tracking an enhancement for that: https://github.com/elastic/kibana/issues/678
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
