Reputation: 1921
@timestamp range query in elasticsearch
Can I make a range query on default timestamp field ignoring date values i.e. using only time in timestamp - say 2 hours of each day?
My intentions are to search for all the documents but exclude the documents indexed between 9 PM and 12 AM (I have seen example with date ranges in filtering).
timestamp example stands following:
"@timestamp": [
"2015-12-21T15:18:17.120Z"
]
Elasticsearch version: 1.5.2
Upvotes: 2
Views: 11687
Answers (1)
Reputation: 4818
My first idea would be to use the date math in Elasticsearch query, e.g. if you run your query at 1PM, this would work:
{
"query": {
"range" : {
"@timestamp" : {
"gte": "now-16h/h",
"lte": "now-1h/h"
}
}
}
}
(watch out for the timezone though).
As far as I know, the only other possibility would be to use scripting.
Please note also that you are running a very old version of Elasticsearch.
Edit If you need simply absolute date, then check how your @timestamp field look, and use the same format, for instance on my Elasticsearch, it would be:
{
"query": {
"range" : {
"@timestamp" : {
"gte": "2015-03-20T01:21:00.01Z",
"lte": "2015-03-21T01:12:00.04Z"
}
}
}
}
Upvotes: 1
Related Questions
- Query by timestamp in ElasticSearch
- timestamp in milliseconds and date range - elasticsearch query string
- Elastic search fail to do a timestamp range query
- Elasticsearch time field and range query
- how to give timestamp in range query Elasticsearch
- Date range Query in kibana 5.6.3 not working with @timestamp
- elasticsearch 6: hours-range filter from @timestamp
- Elasticsearch query based on timestamp
- elasticsearch query dates by range
- How can I search on time ranges in Elasticsearch?