Hi, new to Kibana here, so I was using Splunk before and wanted to port my queries over.
I was using the query as below.
BATCH AND (succeeded OR failed) AND (start OR master) AND testsvr01
Is it possible to add a time frame? Like from 07:00 to 07:10?
I've tried adding @timestamp:[07:00 TO 07:05] and it does not work.
Is there something I am doing wrong?
The queried time range is defined via the time picker at the top right of the window, not sure you can do what you want via a query.
I see! Thank you, Mark!
I'll find a way around that.
This might be interesting for me as well. @obviouslygene: did you find a solution / workaround for your use case?
Hey @torstenfeld, didn't get a solution for this specific type of query. I had to do a +@timestamp: [now-1h TO now]+host: "Server01"+message: ("succeeded *" OR "failed *") AND ( "script0 *" OR "script1 *") kinda query.
Did you take a look at query string? https://www.elastic.co/guide/en/elasticsearch/reference/1.x/query-dsl-query-string-query.html You can use query string with a condition like AND field, and search on a specified field: timestamp: [2012-01-01 TO 2012-12-31]
hth
jason
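An added example, not part of the thread: one way to express the 07:00 to 07:10 window from the original question as absolute `@timestamp` ranges in a query string, one range per day. It assumes `@timestamp` is stored in UTC and that the field's date mapping accepts quoted ISO 8601 values; the function names and the sample dates are constructed for illustration.

```python
from datetime import date, datetime, time, timedelta, timezone

# Base query taken from the original question in this thread.
BASE = "BATCH AND (succeeded OR failed) AND (start OR master) AND testsvr01"


def window_clause(day, start, end, utc_offset_hours=0, field="@timestamp"):
    """Range clause for one local clock window on one day, converted to UTC."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    begin = datetime.combine(day, start, tzinfo=tz)
    finish = datetime.combine(day, end, tzinfo=tz)
    if finish <= begin:
        # Window crosses midnight (e.g. 23:55 to 00:05): end falls on the next day.
        finish += timedelta(days=1)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lo = begin.astimezone(timezone.utc).strftime(fmt)
    hi = finish.astimezone(timezone.utc).strftime(fmt)
    # Values are quoted so the colons inside the timestamps stay part of the term.
    return f'{field}:["{lo}" TO "{hi}"]'


def daily_window_query(base_query, first_day, last_day, start, end,
                       utc_offset_hours=0):
    """AND the base query with the same clock window on every day in the span."""
    if last_day < first_day:
        raise ValueError("last_day is before first_day")
    span = (last_day - first_day).days + 1
    days = (first_day + timedelta(days=n) for n in range(span))
    clauses = [window_clause(d, start, end, utc_offset_hours) for d in days]
    return f"({base_query}) AND ({' OR '.join(clauses)})"


if __name__ == "__main__":
    # Constructed sample dates: 07:00 to 07:10 on two consecutive days.
    print(daily_window_query(BASE, date(2012, 1, 1), date(2012, 1, 2),
                             time(7, 0), time(7, 10)))
```

The time picker still applies on top of the query, so it has to cover every day named in the ranges.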