How to search fields with dates in KQL

reswob · November 5, 2019, 8:35pm

So this link:

nor this link:
https://www.elastic.co/guide/en/kibana/current/kuery-query.html

document how to use KQL to search fields with dates. We have a creation_date field (not the @timestamp) and would like to search on it. When I tried to search:

creation_date > 2019-11-04T09:00:00

it told me that I was using lucene syntax. I also tried:

creation_date > -2d

But got an error.

Is there a page/post that has already covered this?

Thanks

reswob · November 5, 2019, 8:48pm

It SEEMS to be this link: https://www.elastic.co/guide/en/elasticsearch/reference/7.3/common-options.html#date-math

But I still get complaints that I'm using lucene...

Marius_Dragomir · November 18, 2019, 5:35pm

There is a selector at the end of the search bar that lets you switch from Lucene to KQL. I think starting 7.4.0 KQL has been made the default one.

system · December 16, 2019, 5:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Lucene Query Language using now date time Kibana	4	6691	July 27, 2021
What's the Lucene equivalent of KQL query: now/d Kibana	4	295	November 9, 2022
Searching for null value in kibana Kibana kql-kibana-query-language	5	7007	October 15, 2021
Comparing two date fields in Kibana Kibana	11	12403	July 6, 2017
Upgrade to 7.4.2 no results with KQL query Kibana kql-kibana-query-language	4	564	January 7, 2020

How to search fields with dates in KQL

Related topics