This search is working without the time field. How can I make it work with a time bound?
POST _sql?format=txt
{
"query":"SELECT network,usage.total from clients where usage.total <= 1000 AND '@timestamp' < now() - INTERVAL 7 MINUTE order by usage.total DESC"
}
@farrukh_aziz I'm sorry, but I don't understand the question. Can you provide more details or ask the question differently?
Also, your query is slightly wrong. It should be SELECT network,usage.total from clients where usage.total <= 1000 AND \"@timestamp\" < now() - INTERVAL 7 MINUTE order by usage.total DESC. @timestamp should be surrounded by double quotes (not simple ones) and they should be escaped.
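The quoting fix from the reply above, as an added example that is not part of the original thread: building the request body with a JSON serializer produces the `\"` escaping automatically, so the SQL only has to use double quotes around the column name. The helper names `quote_identifier` and `build_sql_body` are hypothetical, and rejecting column names that contain a double quote is a rule assumed for this example.

```python
import json


def quote_identifier(name: str) -> str:
    """Wrap a column name in double quotes so SQL treats it as a column.

    Single quotes would turn the name into a string literal instead.
    """
    if not name or '"' in name:
        # Assumption for this example: refuse rather than guess an escape rule.
        raise ValueError(f"unsupported column name: {name!r}")
    return f'"{name}"'


def build_sql_body(time_field: str, minutes: int, max_total: int) -> str:
    """Return the JSON body for POST _sql?format=txt (query text from the thread)."""
    for value in (minutes, max_total):
        # Only plain integers are interpolated into the SQL text.
        if isinstance(value, bool) or not isinstance(value, int):
            raise TypeError("numeric arguments must be integers")
    query = (
        "SELECT network,usage.total from clients "
        f"where usage.total <= {max_total} "
        f"AND {quote_identifier(time_field)} < now() - INTERVAL {minutes} MINUTE "
        "order by usage.total DESC"
    )
    # json.dumps escapes the inner double quotes as \" in the request body.
    return json.dumps({"query": query})


BODY = build_sql_body("@timestamp", 7, 1000)

if __name__ == "__main__":
    print(BODY)
```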