How do I apply Date Range filter?

milincjoshi · October 13, 2016, 7:26pm

Hi
I am using Kibana to filter out the date between specific date range. I have the data in following format.

{
"_index": "xyz",
"_type": "logs",
"_score": 1,
"source": {
"log_timestamp": "9/12/2016 7:59:06 AM",
"@timestamp": "2016-09-12T14:59:06.000Z",
"hour": "14",
"date": "9/12/2016",
"weekday": "Mon",
"just_date": "2016-9-12",
"date_time": "2016-9-12",
}

I want to filter out the logs between September 2015, 21 09:00 AM to September 2015, 23 10:00 PM.

How do I manipulate data format or fields so that I can apply Date Range filter provided in Kibana to filter out the logs between above given date time range.

Also do we require any additional Sub-bracket to be applied or just adding a Date Range filter will do the work?

Joe_Fleming · October 13, 2016, 10:30pm

The Date Range aggregation doesn't work that way. It's used to break your data apart by dates, not to "filter" the dates out of the dataset.

I believe you put JSON in the query bar to do what you need though. The data there would be queried like so:

"query": {
  "filtered": {
    "query": {
      <JSON HERE>
    }
  }
}

You can read more about the query syntax in the Elasticsearch docs.

You could probably also create a filter that you can edit to exclude that range, again, using the query syntax.