Filter by date field in Kibana

espogian · September 20, 2018, 8:58am

Hi,

I have a field correctly mapped as a datetime.
For example, a possible value could be August 21st 2018, 20:00:00.000

Now I would like to filter documents in Kibana by selecting a particular date/time or an interval using the "add a filter" feature. However, I'm having throuble understanding which are the accepted formats.
I found the documentation here being unclear: https://www.elastic.co/guide/en/elasticsearch/reference/6.3/common-options.html#date-math

For example, I can input "now" as a filter, but the date formatted as "2018-08-21 20:00:00" or "2018.08.21 20:00:00" does not work.
I also tried using Unix timestamp (e.g. "1534874400") but I don't think the number is interpreted by Kibana as I would expect.

Could someone provide some examples?

Edit: "2018-08-21T18:00:00.000Z" seems to be working

elastock · September 20, 2018, 9:12am

Query edit filter =>

  {
  "range": {
    "@timestamp": {
      "gte": "2018-06-05T20:00:00Z",
      "lt": "now",
      "format": "strict_date_optional_time"
    }
  }
}

espogian · September 20, 2018, 1:04pm

What if I want to filter only by time? E.g. all dates but only 20:00:00Z? Is it possible?

elastock · September 20, 2018, 2:10pm

I've already asked myself the question. But i did not investigated much more .

You can do it for 2018-06-05/Month

i'm not sure that you can do the same for hour/min/s

DOC date math

But you can do whatever you want like parsing the date with script query :
script query

system · October 18, 2018, 2:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.