1.9.2 and 1.8.7 have numerous differences in the functions available to the Time, Date, and DateTime classes. The commit ensures that we only use the Time class and only use methods that exist in 1.8.7.
The --last parameter can now understand minutes, hours, days, weeks, and years. For example, the following commands are now valid: logstash-cli grep --last 15min foo logstash-cli grep --last 10hrs foo logstash-cli grep --last 1year foo The --from and --to parameters can now optionally take a precise time specification. For example, the following command is now valid: logstash-cli grep --from "2012-12-02" --to "2012-12-04 12:00:00"
This uses Elasticsearch's facets feature to return the most frequent values for a given field, and optionally shows related fields using a facet filter. Ref: http://www.elasticsearch.org/guide/reference/api/search/facets/ Note that the size option here is for results per index, not across all indices. For this command's purposes, I think it makes more sense.
Perhaps duplicating the output of "logstash-cli help" here should be reconsidered, due to having to keep them in sync.