Hi,
A typical ELK use case:
- daily indices
- need to get only the last N that match a query (i.e. sorting by time and matches most likely coming from the very latest/current index)
Is there any way to tell ES "search these indices, one by one, newest to oldest, and stop when you find N matches"
Of course, this can be done manually, outside ES, by running queries one by one, but since this is such a common ELK usage pattern I was wondering if there is anything in ES, or maybe planned for future versions of ES, that would make this possible without one having to run queries one by one.
Thanks,
Otis
Monitoring - Log Management - Alerting - Anomaly Detection
Elasticsearch Consulting - Support - Training - http://sematext.com/