Elasticsearch Query setting date conditions

DavidGreensfelder · June 8, 2023, 3:36pm

I am setting up Alerting Rules under Rules and Connections.

My query works great, but I need to not see the alerts during the maintenance window from 9 pm to 5 am.

Here is my query:

{
  "query" : {
    "bool" : {
      "must" : [
        {"match" : {"log.level" : "Error"}}
        ],
      "filter": [
        {"terms": {
          "agent.hostname": [
            "Server1p",
            "Server2p",
            "Server3p"
          ]
        }}
      ]        
    }
  }
}

How can I add a condition to only have the query work from 5 am to 9 pm?

Priscilla_Parodi · June 28, 2023, 8:13pm

Hello @DavidGreensfelder,

You can use a range query with the date field.

  "range": {
        "timestamp": {
          "time_zone": "+01:00", 
          "gte": "2023-06-28T05:00:00",
          "lte": "2023-06-28T21:00:00"
        }
      }

Make sure you are checking the time zone.

system · July 26, 2023, 8:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to send alert between specific time range in Kibana? Kibana elastic-stack-alerting	2	1680	April 10, 2020
Kibana alert rules use today only time window Kibana elastic-stack-alerting	2	603	June 28, 2023
Turn off Alert during night Kibana elastic-stack-alerting	2	998	September 10, 2021
Query Range with Date Data Elasticsearch elastic-stack-alerting	2	763	October 29, 2018
Elastics search date range issue Kibana elastic-stack-alerting	1	221	March 27, 2022

Elasticsearch Query setting date conditions

Related topics