elasticsearch


How to retrieve the latest event with a given field value?


I index events similar to the ones below:
{
  "time": "2015-10-01",
  "kind": "A"
},
{
  "time": "2015-10-02",
  "kind": "B"
},
{
  "time": "2015-10-15",
  "kind": "A"
},
{
  "time": "2015-10-16",
  "kind": "B"
}
In other words, these are timed events of several kinds (A and B in the example above). It is guaranteed that there cannot be two or more events of the same kind with the same time.
I am looking for a query which would retrieve the latest (time closest to "now") events for each kind. For the example above these would be the last two ones.
Up to now, I was forcing the _id to have the value of kind, which automatically kept a set of unique events (the events are indexed with time, so the one with the date of 2015-10-16 is guaranteed to be indexed after the one from an earlier 2015-10-02). This of course does not keep the history of events, something I am now interested in.
How about this query:
{
  "size": 0,
  "aggs": {
    "unique_kind": {
      "terms": {
        "field": "kind",
        "size": 10
      },
      "aggs": {
        "max_date": {
          "max": {
            "field": "time"
          }
        },
        "1st": {
          "top_hits": {
            "size": 1,
            "sort": [{"time": "desc"}]
          }
        }
      }
    }
  }
}
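
Reading the result of a query like the one above, as an added example that is not part of the original question or answer. The response is constructed in the shape Elasticsearch returns for a terms aggregation with a top_hits sub-aggregation; the function name latest_per_kind, the document ids and the timestamps in max_date are assumptions.

```python
# Constructed sample: search response for the aggregation query above,
# run against the four events from the question.
SAMPLE_RESPONSE = {
    "aggregations": {
        "unique_kind": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "A", "doc_count": 2,
                 "max_date": {"value_as_string": "2015-10-15T00:00:00.000Z"},
                 "1st": {"hits": {"hits": [
                     {"_id": "3", "_source": {"time": "2015-10-15", "kind": "A"}}]}}},
                {"key": "B", "doc_count": 2,
                 "max_date": {"value_as_string": "2015-10-16T00:00:00.000Z"},
                 "1st": {"hits": {"hits": [
                     {"_id": "4", "_source": {"time": "2015-10-16", "kind": "B"}}]}}},
            ],
        }
    }
}


def latest_per_kind(response, agg="unique_kind", top="1st"):
    """Return ({kind: latest _source}, truncated) from the search response.

    truncated is True when documents fell outside the returned buckets, i.e.
    there are more distinct kinds than the terms aggregation's "size" (10 in
    the query above), so some kinds have no latest event in the result.
    """
    terms = response["aggregations"][agg]
    latest = {}
    for bucket in terms["buckets"]:
        hits = bucket[top]["hits"]["hits"]
        if hits:  # top_hits was requested with size 1, so at most one hit
            latest[bucket["key"]] = hits[0]["_source"]
    truncated = terms.get("sum_other_doc_count", 0) > 0
    return latest, truncated


if __name__ == "__main__":
    events, truncated = latest_per_kind(SAMPLE_RESPONSE)
    for kind, source in sorted(events.items()):
        print(kind, source["time"])
    print("more kinds than terms size:", truncated)
```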
