I'm using ES and Kibana to collect security events and visualize them using
an Items panel. For the sake of illustration, a security event has a
site and subject and other attributes.
My expectation was that if you specify panel.parameters.length = 10 (for
example) and a panel.parameters.order = count, you will get the top 10 with
all events totaled (like an SQL SELECT count(*), site FROM index GROUP BY
site).
In practice it seems like Kibana is issuing a query like the one below - which
pulls 10 records (like SQL limit 10) in the panel.item field - so if you have
25 events of a particular site - you will only get the first 10.
{
  "query": { "match_all": {} },
  "size": 10
}
So - to make a long story short - how do I take *all the records in the index*
and limit the panel to *show only the top 10?*
You will excuse me if this is a newbie question.
Thanks
Danny
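
The difference the post describes, as an added example that is not part of the original message and not Kibana's own code: fetching 10 hits and counting them versus counting every event and keeping the top 10, with a terms aggregation request body that does the latter server-side. The event data is constructed and the aggregation name top_sites is hypothetical; it assumes the site field is indexed as a single un-analyzed term.

```python
from collections import Counter

# Constructed sample events, stored in this order so the first 10 hits
# returned by a plain match_all are all from site-a.
EVENTS = ([{"site": "site-a", "subject": "login failure"}] * 25
          + [{"site": "site-b", "subject": "port scan"}] * 12
          + [{"site": "site-c", "subject": "malware alert"}] * 3)

def hits_then_count(events, size=10):
    """What the post observes: fetch `size` hits, then count within them."""
    return Counter(e["site"] for e in events[:size]).most_common()

def count_then_top(events, size=10):
    """GROUP BY semantics: count every event, then keep the top `size` sites."""
    return Counter(e["site"] for e in events).most_common(size)

def terms_agg_body(field="site", size=10):
    """Elasticsearch request body that does the counting server-side.

    The top-level "size": 0 returns no hits; the terms aggregation's own
    "size" limits the number of buckets, ordered by document count.
    "top_sites" is a hypothetical aggregation name.
    """
    return {
        "query": {"match_all": {}},
        "size": 0,
        "aggs": {"top_sites": {"terms": {"field": field, "size": size}}},
    }
```
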