Hi all!)
I have such data:
There are two metrics called asoup_last_modified and asusg_last_modified that store postgres table update timestamp (amount of seconds since epoch).
In table I want to see the last (max) timestamp. For that I typed in query and grouped by those metrics names and applied Max aggregation function:
- Partially that worked. But as you can see there are unspecified metrics names: upload and asusg_send_failed. It seems that query does not work or query result is not used when table constructed. How to get rid of them?
- I specified datetime format but only time is displayed. It seems that this is feature because there is no need to display date if it is today.
- How can replace values in cells? For example asusg_last_modified for “Asusg Last Modified”.
The query and response:
{
"request": {
"url": "api/datasources/proxy/1/_msearch?max_concurrent_shard_requests=5",
"method": "POST",
"data": "{\"search_type\":\"query_then_fetch\",\"ignore_unavailable\":true,\"index\":\"metrics\"}\n{\"size\":0,\"query\":{\"bool\":{\"filter\":[{\"range\":{\"@timestamp\":{\"gte\":1589463926701,\"lte\":1590068726701,\"format\":\"epoch_millis\"}}},{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"@metric:(asoup_last_modified OR asusg_last_modified)\"}}]}},\"aggs\":{\"3\":{\"terms\":{\"field\":\"@metric.keyword\",\"size\":500,\"order\":{\"_key\":\"desc\"},\"min_doc_count\":0},\"aggs\":{\"1\":{\"max\":{\"field\":\"timestamp\"}}}}}}\n"
},
"response": {
"took": 10,
"responses": [{
"took": 10,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 18,
"relation": "eq"
},
"max_score": null,
"hits": []
},
"aggregations": {
"3": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [{
"1": {
"value": null
},
"key": "upload",
"doc_count": 0
},
{
"1": {
"value": null
},
"key": "asusg_send_failed",
"doc_count": 0
},
{
"1": {
"value": 1590049505280
},
"key": "asusg_last_modified",
"doc_count": 12
},
{
"1": {
"value": 1590050422784
},
"key": "asoup_last_modified",
"doc_count": 6
}
]
}
},
"status": 200
}],
"$$config": {
"url": "api/datasources/proxy/1/_msearch?max_concurrent_shard_requests=5",
"method": "POST",
"data": "{\"search_type\":\"query_then_fetch\",\"ignore_unavailable\":true,\"index\":\"metrics\"}\n{\"size\":0,\"query\":{\"bool\":{\"filter\":[{\"range\":{\"@timestamp\":{\"gte\":1589463926701,\"lte\":1590068726701,\"format\":\"epoch_millis\"}}},{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"@metric:(asoup_last_modified OR asusg_last_modified)\"}}]}},\"aggs\":{\"3\":{\"terms\":{\"field\":\"@metric.keyword\",\"size\":500,\"order\":{\"_key\":\"desc\"},\"min_doc_count\":0},\"aggs\":{\"1\":{\"max\":{\"field\":\"timestamp\"}}}}}}\n"
}
}
}
