Hi,
I have a data on multiple indexes and want to search it's last occurrence. Could you please help me on this.
Here is the scenario:
I have following indexes:
acct-2018-03-01 , acct-2018-03-02 , acct-2018-03-03 .... acct-2018-03-25 , acct-2018-03-26 ... acct-2018-04-16
I want to search the last occurrence of jobid (value 12345) from the above indexes.
Suppose It's available on indexes acct-2018-03-01,acct-2018-03-03,acct-2018-03-25.
Now I want to print the data only from it's last occurrence (from index acct-2018-03-25).
I am using index as a "acct-*".
I can use "sort": [{"@timestamp": {"order": "asc"}}] and size =1 but in that case it would return only single entry from latest index and I want all entries from the latest index.