Hello,
I'm currently using the elk api to gather data between yesterday and today (12/19 @ 00:00:000 -- 12/20@00:00:000)
Would this be the equivalent of that using a range query?
"range": {
"timestamp": {
"gte": "now-1d/d",
"lte": "now/d",
}
}
Hi @hi_xavier
Yes in general that is correct
You can try a quick search to validate...
Of course for Today... the last timestamp will be only up to the current time...
GET logs-*/_search
{
"size": 0,
"query": {
"range": {
"@timestamp": {
"gte": "now/d-1d/d",
"lte": "now/d"
}
}
},
"aggs": {
"max": {
"max": {
"field": "@timestamp"
}
},
"min": {
"min": {
"field": "@timestamp"
}
}
}
}
Understood! Thanks @stephenb !
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.