Evaluating range of values using ES|QL

I was wondering if anyone might want to take a stab at this one. I have an ES|QL query I'm trying to get to work. Right now I'm able to get the field "http.status" to "not equal" a value of "200":

| eval failures = case(http.status != "200",1,0)

What I am struggling with is how to get the field "http.status" to "not equal" a value from "200 to 299". Both of these I have tried and can't get to work:

| eval failures = case(http.status != ("200-299"),1,0)
| eval failures = case(http.status >= "200" && http.status <= "299",1,0)

Hi @Nama_Chintamani_Illo

So if these values are numeric, this should work:

from traces-apm-default
| where http.response.status_code is not null
| eval success = case(http.response.status_code >= 200 and http.response.status_code < 400, 1,0)
| keep @timestamp, http.response.status_code, success

If they are keyword, you will need to convert to integer, something like this:

from traces-apm-default
| where labels.http_status_code is not null
| eval status_num = to_integer(labels.http_status_code)
| eval success = case(status_num >= 200 and status_num < 400, 1,0)
| keep @timestamp, labels.http_status_code, success
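The conversion approach from the answer, applied to the failure check the question asks for (anything outside 200 to 299), as an added example that is not part of the original thread. It assumes `http.status` is a keyword field and uses `my-index` as a placeholder index name; comparing the converted integer avoids relying on string comparison of the status text.

```esql
// Added example, not code from the thread. "my-index" is a placeholder index name.
from my-index
| where http.status is not null
// Keyword -> integer; values that cannot be parsed as a number become null
| eval status_num = to_integer(http.status)
| where status_num is not null
// 1 when the status is outside 200-299, otherwise 0
| eval failures = case(status_num < 200 or status_num > 299, 1, 0)
// Roll the per-event flag up into totals and a failure percentage
| stats total = count(*), failed = sum(failures)
| eval failure_pct = round(100.0 * failed / total, 2)
```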