Gather Data from Yesterday Until Today

hi_xavier · December 20, 2023, 4:27pm

Hello,

I'm currently using the elk api to gather data between yesterday and today (12/19 @ 00:00:000 -- 12/20@00:00:000)
Would this be the equivalent of that using a range query?

"range": {
    "timestamp": {
        "gte": "now-1d/d",
        "lte": "now/d",
                   }
}

stephenb · December 21, 2023, 1:36am

Hi @hi_xavier

Yes in general that is correct

You can try a quick search to validate...

Of course for Today... the last timestamp will be only up to the current time...

GET logs-*/_search
{
  "size": 0, 
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now/d-1d/d",
        "lte": "now/d"
      }
    }
  },
  "aggs": {
    "max": {
      "max": {
        "field": "@timestamp"
      }
    },
    "min": {
      "min": {
        "field": "@timestamp"
      }
    }  
  }
}

hi_xavier · December 27, 2023, 4:19pm

Understood! Thanks @stephenb !

system · January 24, 2024, 4:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filtering by Range Elasticsearch	5	6708	January 26, 2018
Subtracting time in elasticsearch query Elasticsearch	3	4813	December 28, 2016
Lucene syntax equivalent for "Today"? Does it exist? Kibana	7	5101	November 20, 2019
Filter timestamp range on es5 Elasticsearch	4	1607	July 14, 2017
Range query blocks elasticsearch Elasticsearch	3	1247	September 19, 2017

Gather Data from Yesterday Until Today

Related Topics