Thanks - suspected bug in my thinking.
D
On Monday, July 14, 2014 6:01:04 PM UTC+3, Danny Lieberman wrote:
>
> I'm using ES and Kibana to collect security events and visualize them
> using an Items panel. For the sake of illustration a security event has
> a site and subject and other attributes.
>
> My expectation was that if you specify panel.parameters.length = 10 (for
> example) and a panel.parameters.order = count, you will get the top 10 with
> all events totaled (like an SQL SELECT count(*), site FROM index GROUP by
> site)
>
> In practice it seems like Kibana is issuing a query like this below -
> which pulls 10 records (like SQL limit 10) in panel.item field - so if you
> have 25 events of a particular site - you will only get the first 10.
> {
> "query": { "match_all": {} },
> "size": 10
> }'
>
>
> So - to make a long story short - how do take *all the records in the
> index* and limit the panel to *show only the top 10?*
>
> You will excuse me if this is a newbie question.
>
> Thanks
> Danny
>
>
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/1c176765-38a1-4ec8-a4c1-2300deef9d77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
