Find values of a field that appear after a certain timestamp

I am exploring a query method in Kibana to filter the values of a field in the index documents that only appear after a certain date and time, like yesterday. Sorry, I am not familiar with the query syntax, but I am curious why no one has had the same challenge before.

Any help would be greatly appreciated.

Zhigang

Hi @visioncloud. You can add a filter for a field that exists. And you can couple that with the values in the Date Picker. Here is an example.

But maybe I am misunderstanding your question. If so, can you give me an example of documents you have and how you want to visualize them?

Thanks for the reply, but I am looking for a different kind of filtering. Say I have these documents in my index:
{"device_id": "aaaa", "event": "activated", "timestamp": "2019-08-24 15:15"}
{"device_id": "bbbb", "event": "activated", "timestamp": "2019-06-20 15:15"}
{"device_id": "aaaa", "event": "offline", "timestamp": "2019-11-24 15:15"}
{"device_id": "cccc", "event": "activated", "timestamp": "2019-11-25 15:15"}
{"device_id": "bbbb", "event": "offline", "timestamp": "2019-11-20 15:15"}

I want to find the documents whose earliest timestamp is after a date, e.g., 2019-09-01; in this case I will get only device_id "cccc". In short, I am only looking for documents whose first timestamp is after a cutoff date.

Since I need to use a filter in visualizations, I would like to know how to use a query in Kibana Discover or a filter query.

Thanks,
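The "first seen after a cutoff" selection described in the post above, as an added example that is not part of the original thread: a local reference implementation over the five sample documents, plus a builder for an Elasticsearch request body that expresses the same logic with `terms`, `min` and `bucket_selector` aggregations. It assumes `device_id` is mapped as a keyword and `timestamp` as a date in UTC; the function names and the `max_devices` limit are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample: the five documents quoted in the post above.
DOCS = [
    {"device_id": "aaaa", "event": "activated", "timestamp": "2019-08-24 15:15"},
    {"device_id": "bbbb", "event": "activated", "timestamp": "2019-06-20 15:15"},
    {"device_id": "aaaa", "event": "offline", "timestamp": "2019-11-24 15:15"},
    {"device_id": "cccc", "event": "activated", "timestamp": "2019-11-25 15:15"},
    {"device_id": "bbbb", "event": "offline", "timestamp": "2019-11-20 15:15"},
]
TS_FORMAT = "%Y-%m-%d %H:%M"


def first_seen_after(docs, cutoff):
    """Return device_ids whose earliest timestamp is strictly after cutoff."""
    first_seen = {}
    for doc in docs:
        ts = datetime.strptime(doc["timestamp"], TS_FORMAT)
        dev = doc["device_id"]
        if dev not in first_seen or ts < first_seen[dev]:
            first_seen[dev] = ts
    limit = datetime.strptime(cutoff, "%Y-%m-%d")
    return sorted(dev for dev, ts in first_seen.items() if ts > limit)


def build_first_seen_query(cutoff, max_devices=1000):
    """Build a search body: one bucket per device, kept only if min(timestamp) > cutoff."""
    limit = datetime.strptime(cutoff, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    cutoff_ms = int(limit.timestamp() * 1000)  # min on a date field yields epoch millis
    return {
        "size": 0,  # only the aggregation buckets are needed, not the hits
        "aggs": {
            "per_device": {
                "terms": {"field": "device_id", "size": max_devices},
                "aggs": {
                    "first_seen": {"min": {"field": "timestamp"}},
                    "only_new": {
                        "bucket_selector": {
                            "buckets_path": {"first": "first_seen"},
                            "script": f"params.first > {cutoff_ms}L",
                        }
                    },
                },
            }
        },
    }


if __name__ == "__main__":
    print(first_seen_after(DOCS, "2019-09-01"))
```

The search must cover the full history of the index: if the request also carries a time-range filter that starts after a device's real first event, that device's minimum is computed inside the window and it looks new.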
