Elasticsearch Query setting date conditions

DavidGreensfelder · June 8, 2023, 3:36pm

I am setting up Alerting Rules under Rules and Connections.

My query works great, but I need to not see the alerts during the maintenance window from 9 pm to 5 am.

Here is my query:

{
  "query" : {
    "bool" : {
      "must" : [
        {"match" : {"log.level" : "Error"}}
        ],
      "filter": [
        {"terms": {
          "agent.hostname": [
            "Server1p",
            "Server2p",
            "Server3p"
          ]
        }}
      ]        
    }
  }
}

How can I add a condition to only have the query work from 5 am to 9 pm?

Priscilla_Parodi · June 28, 2023, 8:13pm

Hello @DavidGreensfelder,

You can use a range query with the date field.

  "range": {
        "timestamp": {
          "time_zone": "+01:00", 
          "gte": "2023-06-28T05:00:00",
          "lte": "2023-06-28T21:00:00"
        }
      }

Make sure you are checking the time zone.

system · July 26, 2023, 8:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana alert rules use today only time window Kibana elastic-stack-alerting	2	591	June 28, 2023
Turn off Alert during night Kibana elastic-stack-alerting	2	981	September 10, 2021
Filtering by date and time as different fields Elasticsearch	10	11971	July 5, 2017
How to filter date field by days and hours separately Elasticsearch	6	7368	September 3, 2019
Trying to do a simple query filter Elasticsearch	6	1038	April 2, 2019

Elasticsearch Query setting date conditions

Related Topics