SELECT islandtype FROM "index1*"
where '@timestamp' > now() - INTERVAL 200 minutes
group by islandtype
this give me blank it says no document found. but I know I have document.
when I remove where clause it give me output.
what am I doing wrong?
this in canvas
You have to use double quotes to escape the field name: "@timestamp". Otherwise it will compare it with the literal string @timestamp
that worked.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.