I'm trying to use the Python elasticsearch library to pull data using the query function. I wanted to specify the time range for the query to run on. How can this be done? Is there a way to specify the time range in ES|QL or should this be defined with the filter parameter? If so, how?
Use the WHERE command
There is even an example in the docs
You can use relative or absolute times
Thanks I used a query like below,
FROM my-test-index | WHERE @timestamp > NOW() - 1 hour | limit 5
But I get the error,
"Invoking Elasticsearch client. Caught exception <class 'elasticsearch.BadRequestError'>."
What version? In older versions you had to backquote fields with special characters
FROM logs-* | WHERE `@timestamp` > NOW() - 1 hour | limit 5
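The two options raised in the question, side by side, as an added example that is not part of the original thread: the time range written into the ES|QL text with a backquoted `@timestamp`, and the same range passed as Query DSL in the `filter` parameter. The helper names and allow-lists are hypothetical; it assumes a client version that exposes `client.esql.query` with `query` and `filter` arguments, and it validates every value that is interpolated into the query string.

```python
import re

# Assumed allow-lists: every value placed into the query text is checked first.
INDEX_RE = re.compile(r"^[a-z0-9][a-z0-9._*-]*$")
# ES|QL time-span unit -> Query DSL date-math unit
DATE_MATH = {"minute": "m", "hour": "h", "day": "d", "week": "w"}


def _check(index, amount, unit, limit):
    if not INDEX_RE.match(index):
        raise ValueError(f"unexpected index pattern: {index!r}")
    if unit not in DATE_MATH:
        raise ValueError(f"unsupported unit: {unit!r}")
    for n in (amount, limit):
        if type(n) is not int or n <= 0:
            raise ValueError(f"expected a positive integer, got {n!r}")


def where_request(index, amount, unit, limit=5):
    """Option 1: the time range is part of the ES|QL text (backquoted field)."""
    _check(index, amount, unit, limit)
    query = (f"FROM {index} | WHERE `@timestamp` > NOW() - {amount} {unit}"
             f" | LIMIT {limit}")
    return {"query": query}


def filter_request(index, amount, unit, limit=5):
    """Option 2: the time range is Query DSL passed in the `filter` parameter."""
    _check(index, amount, unit, limit)
    window = {"range": {"@timestamp": {"gte": f"now-{amount}{DATE_MATH[unit]}"}}}
    return {"query": f"FROM {index} | LIMIT {limit}", "filter": window}


def run(client, request):
    """Send the request with client.esql.query and return the rows as dicts."""
    resp = client.esql.query(**request)
    names = [col["name"] for col in resp["columns"]]
    return [dict(zip(names, row)) for row in resp["values"]]
```

Pass a connected `Elasticsearch` client as `client`; with `filter_request` the ES|QL text stays free of the time clause, so the window can change without rebuilding the query string.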