Hi,
I want to create a query that returns all the data from last 30 days and only between 09:00 AM - 18:00 PM.
My date field contains both the date and the time of the day (For example "time" : "2021-02-06T06:40:55Z").
Can I do something like or how can I achieve this with this mapping ?
'
'''
"query" :{
"bool": {
"must": [
{
"range": {
"time": {
"gte": "2021-02-01",
"lte": "2021-02-22"
}
}
},
{
"range": {
"time": {
"gte": "09:00:00",
"lte": "18:00:00"
}
}
}
]
}
}
'''
'
This sounds like a good use case for a scripted field. It allows you to calculate a "derived" value from a document (like the hour of day as a number from a date field).
It's quite common actually, the Logs sample data set includes this exact scripted field.
Beware of timezones though, as the hour of day depends on the configured time zone it's easy to run into confusing scenarios.
2 Likes
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.