Hello,
I am new to Kibana and am having a hard time creating an alert for a job that has not been in a success state for the last 90 minutes. I am trying the query below, but whenever I use "gte": "now-90m", it gets converted to the following in the extraction query every time I run the alert. It does not give the right result, because it looks at the entire file rather than from now. Please suggest what I am doing wrong.
"range": {
"LOGS.SCHEDULED_TIME": {
"from": "now-90m",
"to": null,
"include_lower": true,
"include_upper": true,
"boost": 1
Below is my complete query:
{
"from": 0,
"size": 0,
"query": {
"bool": {
"filter": [
{
"bool": {
"must": [
{
"bool": {
"must": [
{
"term": {
"LOGS.NAME.keyword": {
"value": "TASK_123",
"boost": 1
}
}
},
{
"term": {
"LOGS.STATE.keyword": {
"value": "EXECUTING",
"boost": 1
}
}
},
{
"range": {
"SCHEDULED_TIME: {
"gte": "now-90m",
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
"_source": {
"includes": [
"COUNT"
],
"excludes":
},
"aggregations": {
"COUNT_0": {
"value_count": {
"field": "_index"
}
}
}
}