Hi,
I am looking for a way to filter documents according to their timestamp, and get only the latest document per 1 min.
For example, I have 10 documents indexed per minute, and I want to query over a time range of 10 minutes and get only 10 documents (the index has 100 but I need only the last one per minute).
Is there any way to accomplish that with KQL syntax?
The reason for using KQL is that I want to implement the filter from the map layer context, and it seems to only support KQL syntax.
`kql` is just for querying documents. To extract the last document per minute, you need an aggregation. It can't be accomplished with KQL.
One possible option is to add a "minute" field to the index somehow (you can use runtime fields) and use a latest transform to create another index which contains only the last document per minute.
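Added example (not code from either poster): the kind of aggregation the answer refers to, written as a `date_histogram` with a nested `top_hits`, built and parsed in Python. The `@timestamp` field name, the 10-minute window and the sample response are assumptions constructed for illustration; the body is sent to the index's `_search` endpoint, not entered as a KQL filter.

```python
def latest_per_minute_body(ts_field="@timestamp", window="now-10m"):
    """Build a _search body: one bucket per minute, newest document in each."""
    return {
        "size": 0,  # only the aggregation result is needed
        "query": {"range": {ts_field: {"gte": window, "lte": "now"}}},
        "aggs": {
            "per_minute": {
                "date_histogram": {
                    "field": ts_field,
                    "fixed_interval": "1m",
                    "min_doc_count": 1,  # do not return empty minutes
                },
                "aggs": {
                    "latest": {
                        "top_hits": {
                            "size": 1,
                            "sort": [{ts_field: {"order": "desc"}}],
                        }
                    }
                },
            }
        },
    }


def extract_latest(response):
    """Return [(minute, _source)] for each non-empty one-minute bucket."""
    latest = []
    for bucket in response["aggregations"]["per_minute"]["buckets"]:
        hits = bucket["latest"]["hits"]["hits"]
        if hits:  # a bucket without documents carries no hit
            latest.append((bucket["key_as_string"], hits[0]["_source"]))
    return latest


def _bucket(minute, sources):
    """Constructed helper: shape one bucket the way a response reports it."""
    hits = [{"_source": s} for s in sources[:1]]
    return {"key_as_string": minute, "doc_count": len(sources),
            "latest": {"hits": {"hits": hits}}}


# Constructed sample response, trimmed to the fields used above.
SAMPLE_RESPONSE = {"aggregations": {"per_minute": {"buckets": [
    _bucket("2024-01-01T10:00:00.000Z", [{"@timestamp": "2024-01-01T10:00:58Z", "id": "a10"}]),
    _bucket("2024-01-01T10:01:00.000Z", []),
    _bucket("2024-01-01T10:02:00.000Z", [{"@timestamp": "2024-01-01T10:02:55Z", "id": "c10"}]),
]}}}
```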