ESQL Specifiy time filter

I'm trying to use the python elasticsearch library to pull data using the query function. I wanted to specify the timerange for the query to run on. How can this be done? Is there a way to specifiy the timerange in esql or should this be defined with the filter parameter? If so, how?

Use the WHERE command

There is even an example in the docs

You can use relative or absolute times

Thanks I used a query like below,
FROM my-test-index | WHERE @timestamp > NOW() - 1 hour | limit 5
But I get the error,
"Invoking Elasticsearch client. Caught exception <class 'elasticsearch.BadRequestError'>."

What version... older version you had to backquote fields with special characters

FROM logs-* | WHERE `@timestamp` > NOW() - 1 hour | limit 5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.