I am looking for a way to filter documents according to their timestamp, and get only the latest document per 1 min.
For example, I have 10 documents indexed per minute, and I want to query over a time range of 10 minutes and get only 10 documents (the index has 100, but I need only the last one per minute).
Is there any way to accomplish that with KQL syntax?
The reason for using KQL is that I want to implement the filter from the map layer context, and it seems to only support KQL syntax.
KQL is just for querying documents. To extract the last document per minute, you need an aggregation. It couldn't be accomplished by KQL.
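
The kind of aggregation the reply refers to, as an added example that is not part of the thread: a `date_histogram` with one-minute buckets and a `top_hits` sub-aggregation that keeps the newest document in each bucket. The `@timestamp` field name, the helper names and the sample documents are assumptions constructed for illustration; `latest_per_minute` emulates the result locally so the block runs without a cluster.

```python
from datetime import datetime, timedelta, timezone

# Assumption: documents carry an ISO-8601 "@timestamp" date field (not stated in the thread).
TS_FIELD = "@timestamp"

def build_request(start, end):
    """Search body: one bucket per minute, newest document in each bucket."""
    return {
        "size": 0,  # no plain hits, only the aggregation result
        "query": {"range": {TS_FIELD: {"gte": start, "lt": end}}},
        "aggs": {
            "per_minute": {
                "date_histogram": {"field": TS_FIELD, "fixed_interval": "1m"},
                "aggs": {
                    "latest": {
                        "top_hits": {"size": 1, "sort": [{TS_FIELD: {"order": "desc"}}]}
                    }
                },
            }
        },
    }

def latest_per_minute(docs):
    """Local emulation of the aggregation above, for checking expectations offline."""
    newest = {}
    for doc in docs:
        ts = datetime.fromisoformat(doc[TS_FIELD])
        bucket = ts.replace(second=0, microsecond=0)  # minute bucket key
        if bucket not in newest or ts > newest[bucket][0]:
            newest[bucket] = (ts, doc)
    return [newest[b][1] for b in sorted(newest)]

def sample_docs():
    """Constructed sample: 10 documents per minute for 10 minutes (100 total)."""
    base = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    return [
        {TS_FIELD: (base + timedelta(minutes=m, seconds=6 * s)).isoformat(), "seq": m * 10 + s}
        for m in range(10) for s in range(10)
    ]

if __name__ == "__main__":
    picked = latest_per_minute(sample_docs())
    print(len(picked), [d["seq"] for d in picked])
```
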