Full-text queries with date filter

Hello. I'm trying to understand whether it is possible to make a full-text request and specify a time filter in the request, for example, for the last 15 minutes?

A request that I would like to improve:
{
  "query": {
    "match": {
      "log": "my log"
    }
  }
}

I want to add something like this to my request:
{
  "timestamp": {
    "gte": "now-1d",
    "lte": "now"
  }
}

Any ideas on how to request this?

Hi @combbbbinator Welcome to the community.

Think you are looking for this

If my document contains a field "logs" : "text text log text" then I can find that document using the word "log" and filter the query for the last 15 minutes?

Can you show an example request?

There is a pretty straightforward example in the doc I just referred you to

the Example

GET /_search
{
  "query": { 
    "bool": { 
      "must": [
        { "match": { "title":   "Search"        }},
        { "match": { "content": "Elasticsearch" }}
      ],
      "filter": [ 
        { "term":  { "status": "published" }},
        { "range": { "publish_date": { "gte": "2015-01-01" }}}
      ]
    }
  }
}

So yours would be something like

GET /_search
{
  "query": { 
    "bool": { 
      "must": [
        { "match": { "logs":   "log"}}
      ],
      "filter": [ 
        { "range": { "@timestamp": { "gte": "now-15m/m" }}}
      ]
    }
  }
}

If you want to do this ... you will need to learn a bit about the Query Language; there are lots of docs, examples, etc.

More Here

Another way to learn this is to use Discover and then look at the query it generates. Those queries can be a bit complex, but it can be a good way to learn.

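A local sketch of what the `bool` query with `must` and `filter` from the answer above selects, added here as an example and not part of the original thread: it resolves the `now-15m/m` lower bound and applies both clauses to constructed documents. The helper names, the sample documents, and the word-level tokenizer (a simplification standing in for the default standard analyzer) are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}
# Fields to zero out when rounding down to a unit ("/m" -> start of the minute).
FLOOR = {"s": {"microsecond": 0},
         "m": {"second": 0, "microsecond": 0},
         "h": {"minute": 0, "second": 0, "microsecond": 0},
         "d": {"hour": 0, "minute": 0, "second": 0, "microsecond": 0}}

def resolve_gte(expr, now):
    """Resolve 'now[+-]N<unit>[/<unit>]' as a gte bound (rounding goes down)."""
    m = re.fullmatch(r"now(?:([+-])(\d+)([smhd]))?(?:/([smhd]))?", expr)
    if not m:
        raise ValueError(f"unsupported date math: {expr!r}")
    sign, amount, unit, round_to = m.groups()
    t = now
    if amount:
        delta = timedelta(**{UNITS[unit]: int(amount)})
        t = t + delta if sign == "+" else t - delta
    return t.replace(**FLOOR[round_to]) if round_to else t

def tokens(text):
    # Simplified analysis: lowercase, split on non-word characters, no stemming.
    return set(re.findall(r"\w+", text.lower()))

def search(docs, field, text, ts_field, gte_expr, now):
    """Return ids of docs passing the must (match) and filter (range) clauses."""
    lower = resolve_gte(gte_expr, now)
    wanted = tokens(text)
    hits = []
    for doc in docs:
        in_window = datetime.fromisoformat(doc[ts_field]) >= lower  # filter: yes/no only
        matched = bool(wanted & tokens(doc.get(field, "")))         # must: term match
        if in_window and matched:
            hits.append(doc["id"])
    return hits

# Constructed sample data; "now" is pinned so the result is reproducible.
NOW = datetime(2024, 5, 1, 12, 7, 42, tzinfo=timezone.utc)
DOCS = [
    {"id": 1, "@timestamp": "2024-05-01T11:52:10+00:00", "logs": "text text log text"},
    {"id": 2, "@timestamp": "2024-05-01T11:51:59+00:00", "logs": "log entry"},
    {"id": 3, "@timestamp": "2024-05-01T12:05:00+00:00", "logs": "logs rotated"},
    {"id": 4, "@timestamp": "2024-05-01T12:06:00+00:00", "logs": "Failed LOG write"},
]

if __name__ == "__main__":
    print(search(DOCS, "logs", "log", "@timestamp", "now-15m/m", NOW))
```

Document 1 is returned only because `/m` rounds the bound down to the start of the minute, and document 3 is not returned because the token `logs` is not the token `log` without stemming.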