I am trying to collect the count of a specific text from our indices for the past one day (12 am to 11:59 PM) and send the count details by email the next day at 6 am.
How do I specify the time range in the search section? Do we have any examples?
For example, the below example will start the search from the current time and not from 12 am.
"range": {
  "@timestamp": {
    "from": "now-5m"
  }
}
You can use the /d operator to round down to the nearest day. To get all of yesterday, you could do something like this:
"range": {
  "@timestamp": {
    "gte": "now-1d/d",
    "lt": "now/d"
  }
}
Hi Larry, thanks for the details.
Unfortunately this command didn't work for me, but I have modified it like this and it worked.
"range": {
  "@timestamp": {
    "from": "now-1d"
  }
}
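An added example, not part of the thread and not Elasticsearch's own code: a simplified Python model of the date math used in the two range queries above, resolved for a watch that fires at 06:00. It assumes UTC (Elasticsearch rounds in UTC unless the range query sets `time_zone`); the run time and event timestamps are constructed sample data, and `resolve` and `count_in_window` are hypothetical helper names.

```python
import re
from datetime import datetime, timedelta, timezone

# Simplified model of Elasticsearch date math for "now"-based expressions:
# optional +/-N<unit> offsets and /<unit> round-down, units h and d only.
UNITS = {"h": timedelta(hours=1), "d": timedelta(days=1)}
TOKEN = re.compile(r"([+-]\d+[hd])|/([hd])")

def resolve(expr, now):
    """Resolve a date-math expression against a fixed UTC `now`."""
    if not expr.startswith("now"):
        raise ValueError(f"only now-based expressions are modelled: {expr!r}")
    rest, t, pos = expr[3:], now, 0
    for m in TOKEN.finditer(rest):
        if m.start() != pos:
            break
        pos = m.end()
        if m.group(1):                      # offset such as -1d
            t += int(m.group(1)[:-1]) * UNITS[m.group(1)[-1]]
        else:                               # rounding such as /d (gte/lt round down)
            t = t.replace(minute=0, second=0, microsecond=0)
            if m.group(2) == "d":
                t = t.replace(hour=0)
    if pos != len(rest):
        raise ValueError(f"unsupported date math: {expr!r}")
    return t

def count_in_window(events, now, gte, lt=None):
    """Count events with lower <= ts < upper; with no `lt`, upper is open-ended."""
    lower = resolve(gte, now)
    upper = resolve(lt, now) if lt else None
    return sum(1 for ts in events if ts >= lower and (upper is None or ts < upper))

# Constructed sample data: the watch fires at 06:00 UTC on 2024-03-15.
NOW = datetime(2024, 3, 15, 6, 0, tzinfo=timezone.utc)
EVENTS = [
    datetime(2024, 3, 14, 0, 30, tzinfo=timezone.utc),   # yesterday, early
    datetime(2024, 3, 14, 23, 59, tzinfo=timezone.utc),  # yesterday, late
    datetime(2024, 3, 15, 3, 0, tzinfo=timezone.utc),    # today, before the run
    datetime(2024, 3, 15, 5, 0, tzinfo=timezone.utc),    # today, before the run
]

if __name__ == "__main__":
    print("now-1d/d ->", resolve("now-1d/d", NOW).isoformat())
    print("now/d    ->", resolve("now/d", NOW).isoformat())
    print("now-1d   ->", resolve("now-1d", NOW).isoformat())
    print("rounded window count:  ", count_in_window(EVENTS, NOW, "now-1d/d", "now/d"))
    print("unrounded window count:", count_in_window(EVENTS, NOW, "now-1d"))
```

With the rounded bounds the window is the previous calendar day regardless of when the watch runs; without rounding it is the 24 hours ending at the run time.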