You don't.

You either pull a small page of data to display (match_all query or any filtering query), or ask ES to aggregate the data for you and get back the metrics or buckets. You can also do both at the same time.
--

Itamar Syn-Hershko
http://code972.com | @synhershko <https://twitter.com/synhershko>
Freelance Developer & Consultant
Author of RavenDB in Action <http://manning.com/synhershko/>

On Mon, Jul 14, 2014 at 6:01 PM, Danny Lieberman <[email protected]> wrote:

> I'm using ES and Kibana to collect security events and visualize them
> using an Items panel. For the sake of illustration a security event has
> a site and subject and other attributes.
>
> My expectation was that if you specify panel.parameters.length = 10 (for
> example) and a panel.parameters.order = count, you will get the top 10 with
> all events totaled (like an SQL SELECT count(*), site FROM index GROUP by
> site)
>
> In practice it seems like Kibana is issuing a query like this below -
> which pulls 10 records (like SQL limit 10) in panel.item field - so if you
> have 25 events of a particular site - you will only get the first 10.
> {
>   "query": { "match_all": {} },
>   "size": 10
> }'
>
> So - to make a long story short - how do I take *all the records in the
> index* and limit the panel to *show only the top 10?*
>
> You will excuse me if this is a newbie question.
>
> Thanks
> Danny
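The difference between the two request shapes discussed in this thread, as an added example that is not part of either message: a page of hits versus a terms aggregation on `site`. The sample events, the aggregation name `top_sites` and the `emulate_search` stand-in (which lets the example run without a cluster) are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: 25 events for one site, fewer for two others.
# "site" and "subject" are the attribute names used in the question.
EVENTS = [{"site": s, "subject": "login-failure"}
          for s in ["a.example"] * 25 + ["b.example"] * 7 + ["c.example"] * 3]

def page_query(n):
    """The request from the question: return the first n documents."""
    return {"query": {"match_all": {}}, "size": n}

def top_terms_query(field, n):
    """Count every matching document per value of `field`, keep the top n buckets.
    "size": 0 suppresses the hits; "top_sites" is an arbitrary aggregation name."""
    return {"query": {"match_all": {}}, "size": 0,
            "aggs": {"top_sites": {"terms": {"field": field, "size": n}}}}

def emulate_search(body, docs):
    """Local stand-in for the search endpoint (assumption: handles only
    match_all, "size" and terms aggregations) so the example runs offline."""
    result = {"hits": {"total": len(docs), "hits": docs[:body.get("size", 10)]}}
    for name, agg in body.get("aggs", {}).items():
        terms = agg["terms"]
        counts = Counter(d[terms["field"]] for d in docs)
        buckets = [{"key": k, "doc_count": c}
                   for k, c in counts.most_common(terms["size"])]
        result.setdefault("aggregations", {})[name] = {"buckets": buckets}
    return result

def counts_from_page(response, field):
    """Client-side count over the returned page only: undercounts."""
    return dict(Counter(h[field] for h in response["hits"]["hits"]))

def counts_from_buckets(response, name="top_sites"):
    """Read (value, count) pairs from the aggregation buckets."""
    return [(b["key"], b["doc_count"])
            for b in response["aggregations"][name]["buckets"]]

if __name__ == "__main__":
    print(counts_from_page(emulate_search(page_query(10), EVENTS), "site"))
    print(counts_from_buckets(emulate_search(top_terms_query("site", 10), EVENTS)))
```

On a real cluster the `site` field has to be mapped as a non-analyzed string for this to work as intended; on an analyzed field the terms aggregation buckets by token rather than by the whole site value.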
