Help to query in kibana

adityajain19 · October 18, 2017, 7:50pm

I have a field message in kibana which comes from elasticsearch

{ "dateTime" : "2017-10-18 19:34:48,464", "host":"", "port":"", "txnIdentifier":"f3179228-7c39-40a8-b964-c9cba811d378", "serviceName":"CXP_UPS_T_PROCESS_DEVICE", "executionTime":"150006", "threadId":"pool-3-thread-1", "sessionId":"", "keyInfo":{"eventMessage": "Ignoring device record : A90FF87C-08E3-461F-AF9C-8DDAFB6E0E12", "deviceId": "A90FF87C-08E3-461F-AF9C-8DDAFB6E0E12", "sourceCodeClassName":"DeviceRecordProcessingTaskAssembly", "sourceCodeLineNumber":"58"}, "channelName":"AgilexTest", "remoteHost":"", "errorCode":"", "errorMsg":"", "environment":"TEST", "component":"UPS-LAM", "request":"", "response":""}

is the value i want to aggregate on executionTime field with in, values = or > or < somthing like this. Can we do this ?

Regards
Aditya

Nathan_Reese · October 18, 2017, 10:11pm

Numerical fields can be queried by range with the lucene syntax executionTime:[1000 TO 2000]

Check your index mapping to determine the actual type of executionTime, but it looks like executionTime is stored as a string because its value is surrounded by quotes

system · November 15, 2017, 10:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.