Eql with time range

mary-20 · November 12, 2023, 1:30pm

Hi guys,
I'm looking for EQL to match logs with a timestamp within the last 5 minutes.
I have read a with maxspan statement, but it has some limitation:

It must be used with sequence
it starts at the first event’s timestamp (not now() ).

How can I do this?

system · December 10, 2023, 1:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
EQL query help SIEM eql-elastic-query-language	1	407	November 15, 2021
EQL Search by timestamp Elastic Security eql-elastic-query-language	1	280	October 27, 2021
EQL match event A only if event B does not occur within maxspan Elasticsearch eql-elastic-query-language	1	298	December 21, 2022
EQL Sequence doesn't correlate events having same exact timestamp? Elastic Security	5	748	June 9, 2021
Elastic Search by Date Range Logs	2	459	November 23, 2021

Eql with time range

Related topics