So this example query would return the documents between 6 and 9 bucketed by day:
GET logstash-0/_search
{
"aggs": {
"by_day": {
"date_histogram": {
"field": "@timestamp",
"interval": "day",
"format": "yyyy-MM-dd"
},
"aggs": {
"between6and9": {
"filter": {
"script": {
"script": {
"source": "int hour = doc['@timestamp'].value.hourOfDay; hour > 17 && hour < 22",
"lang": "painless"
}
}
}
}
}
}
}
}
You could save it as a custom query and then create a visualization against it.