How to filter the particular timestamp in KQL field

sanjeev1895 · August 11, 2023, 4:37pm

Hi
Can anyone tell me the how to search the particular timestamp in KQL.

Am I using the below format in logstash filter.
time_stamp 11/Aug/2023:16:31:44 +0000

So how to use this time_stamp field and grep the logs. Example, between 11/Aug/2023:16:31:44 to 11/Aug/2023:16:35:44

Thanks.

Rios · August 11, 2023, 4:58pm

You can use:

@timestamp >="2023-08-11T16:31:44.000" and @timestamp <="2023-08-11T16:35:44.000"
or simplier just use + for filtering on your field and "is between"
As time format you can use: 2023-08-11T16:33:46.299+02:00 or 2023-08-11T14:33:46.299Z .

system · September 8, 2023, 4:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.