In an index I have a series of events, but they're usually incomplete. They will all have a "source" and a "timestamp" but different attributes will be present or not.
Is there a way to visualize them in Kibana, for each "source" a complete composite document - with the latest value of each attribute? Like if attribute A was set only last week (A=4) and since then it never showed up in newer documents (attribute missing), I should see A=4 in my search result? And this for many attributes of course, not only A.
So it's not even possible?
It might be possible to use the transform API to create a separate index where you have one document per source and update this based on the data written to the other index. You can then query this to get the latest state.
The transform API would help me to have the desired result always updated, nice point, thank you.
I'm still not sure how the query should look - to have the desired result in the first place (instead of querying x times to get the latest value of each field).
Could a set of sibling pipeline aggregations, one for each changeable field, construct the result?
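An added example, not part of the original thread: one way to get the latest present value of every attribute per source in a single request is a `terms` aggregation on `source` with, for each attribute, a `filter` (`exists`) sub-aggregation wrapping a `top_metrics` sorted by `timestamp` descending (sub-aggregations rather than pipeline aggregations). The attribute names `A` and `B`, the helper names, the keyword mapping of `source`, and the sample response are assumptions constructed for illustration.

```python
# Added example, not from the thread. Field names "A"/"B" and the sample
# response are constructed; "source" is assumed to be a keyword field.

def build_query(fields, max_sources=1000):
    """Search body: per source, the newest value of each field that is present."""
    per_field = {
        f"latest_{f}": {
            "filter": {"exists": {"field": f}},  # skip docs missing the field
            "aggs": {"val": {"top_metrics": {
                "metrics": {"field": f},
                "sort": {"timestamp": "desc"},   # newest matching doc wins
            }}},
        }
        for f in fields
    }
    return {"size": 0, "aggs": {"by_source": {
        "terms": {"field": "source", "size": max_sources},
        "aggs": per_field,
    }}}


def flatten(response, fields):
    """Aggregation response -> {source: {field: latest value}}."""
    composite = {}
    for bucket in response["aggregations"]["by_source"]["buckets"]:
        doc = {}
        for f in fields:
            top = bucket[f"latest_{f}"]["val"]["top"]
            if top:  # empty when the source never reported this field
                doc[f] = top[0]["metrics"][f]
        composite[bucket["key"]] = doc
    return composite


# Constructed response: host-1 last reported A a week before its newest B.
SAMPLE_RESPONSE = {"aggregations": {"by_source": {"buckets": [
    {"key": "host-1", "doc_count": 5,
     "latest_A": {"doc_count": 1, "val": {"top": [
         {"sort": ["2024-01-01T00:00:00.000Z"], "metrics": {"A": 4}}]}},
     "latest_B": {"doc_count": 4, "val": {"top": [
         {"sort": ["2024-01-08T00:00:00.000Z"], "metrics": {"B": 7}}]}}},
    {"key": "host-2", "doc_count": 2,
     "latest_A": {"doc_count": 0, "val": {"top": []}},
     "latest_B": {"doc_count": 2, "val": {"top": [
         {"sort": ["2024-01-07T00:00:00.000Z"], "metrics": {"B": 1}}]}}},
]}}}

if __name__ == "__main__":
    print(flatten(SAMPLE_RESPONSE, ["A", "B"]))
```

The same `filter` plus `top_metrics` aggregations can be used in a pivot transform grouped by `source`, which keeps the composite index updated as the reply above suggests.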