I have a simple KQL query, in Kibana:
Backend.ENV: "Test" AND @timestamp:["now-24h/h" TO "now"]
In order to list all matching documents where term named: "Backend.ENV" is equal to value of "Test", in the last 24 Hours.
I wonder if KQL queries syntax, has the option of Count/Length the number of returned documents AND option of Limit the number returned documents (for example: limit first 10 results), In order of returning the number of matched documents returned and limit them, instead of actually listing the dcoumnets.
Looking over the official documentation, i don't see any mention of this options:
https://www.elastic.co/guide/en/kibana/current/kuery-query.html
As the documentation states at the top of the page:
KQL only filters data, and has no role in aggregating, transforming, or sorting data.
In other words you can think of KQL query as being applied to each individual record at a time with no visibility into other records, their order or count. It's purpose is to filter the documents that are then made available to other tools in kibana. For example, you can feed these results to the count aggregation to get the count. There are several options on how to do that in Kibana. Pure KQL is just not one of them.