I need to check to see if two distinct logs are being generated every 15 min and every hour, so I'm trying to create two timeranges for two different indices -- one that checks for logs in the past 15 min and returns the latest log produced and the other that checks for logs in the past hour and returns the latest log produced. So far, the result is always for the past hour. For instance, if I send a call to the server at `2022-12-20T15:30:59.087Z`, the result is `2022-12-20T14:30:59.087Z`, exactly one hour before. I've tried everything but nothing worked. Below is the query I'm currently using. Any help is appreciated.
```python
from elasticsearch import Elasticsearch

# Client construction is not shown in the post; assumed here so the snippet runs as-is.
es = Elasticsearch("http://localhost:9200")

query_res = es.search(
    index="winlogbeat-dc*",
    body={
        "size": 1,
        "sort": [
            {
                # Sort on the same field the filter and _source use. The original
                # sorted on "timestamp", which is not the field these documents
                # carry, so every hit had a missing sort value and "size": 1
                # returned an arbitrary document from the window rather than the newest.
                "@timestamp": {
                    "order": "desc",
                    "unmapped_type": "date"
                }
            }
        ],
        "_source": [
            "agent.hostname",
            "@timestamp"
        ],
        "query": {
            "bool": {
                "must": [],
                "filter": [
                    {
                        "range": {
                            "@timestamp": {
                                # "time_zone": "+01:00",
                                "format": "strict_date_optional_time||epoch_second",
                                "gte": "now-15m",
                                "lte": "now"
                            }
                        }
                    }
                ],
                "should": [],
                "must_not": []
            }
        }
    }
)
```
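As an added example (not code from the original post), one way to build the 15-minute and 1-hour checks from a single helper and to sanity-check the hit that comes back on the client side, so a result that falls outside the requested window is flagged instead of silently accepted. The second index pattern `winlogbeat-other*`, the `search` callable and the canned responses are assumptions and constructed stand-ins so the block runs offline; against a real cluster you would pass `es.search` instead of `fake_search`.

```python
from datetime import datetime, timezone

# Windows to check per index pattern. "winlogbeat-dc*" comes from the post;
# "winlogbeat-other*" is a hypothetical placeholder for the hourly index.
CHECKS = {
    "winlogbeat-dc*": "15m",
    "winlogbeat-other*": "1h",
}

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def window_seconds(window):
    """Convert an Elasticsearch date-math suffix such as '15m' or '1h' to seconds."""
    return int(window[:-1]) * _UNITS[window[-1]]


def latest_event_body(window):
    """Search body for the newest document whose @timestamp lies within `window` of now.

    `now` is evaluated by Elasticsearch in UTC; the range's time_zone option only
    affects how date *strings* are parsed, not date math, so none is set here.
    """
    return {
        "size": 1,
        "sort": [{"@timestamp": {"order": "desc", "unmapped_type": "date"}}],
        "_source": ["agent.hostname", "@timestamp"],
        "query": {"bool": {"filter": [{"range": {"@timestamp": {
            "format": "strict_date_optional_time||epoch_second",
            "gte": f"now-{window}",
            "lte": "now",
        }}}]}},
    }


def parse_ts(value):
    """Parse the ISO-8601 UTC string Elasticsearch returns for @timestamp."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def evaluate(resp, window, now):
    """Summarise one response: is the newest hit really inside the requested window?"""
    hits = resp["hits"]["hits"]
    if not hits:
        return {"status": "missing", "host": None, "age_s": None}
    src = hits[0]["_source"]
    age = (now - parse_ts(src["@timestamp"])).total_seconds()
    # A hit older than the window cannot have passed the server-side filter
    # unless the stored @timestamp, the server clock and this client's clock
    # disagree, so report it as "stale" rather than trusting the filter alone.
    status = "ok" if 0 <= age <= window_seconds(window) else "stale"
    return {"status": status, "host": src.get("agent", {}).get("hostname"), "age_s": age}


def run_checks(search, checks, now=None):
    """Run every check. `search(index=..., body=...)` is whatever performs the
    query, e.g. `es.search` from the elasticsearch client."""
    now = now or datetime.now(timezone.utc)
    return {index: evaluate(search(index=index, body=latest_event_body(w)), w, now)
            for index, w in checks.items()}


# Constructed stand-in for a cluster so the block runs offline. It does not
# apply the range filter; it just returns a canned newest hit per pattern.
# The dc pattern reproduces the post's symptom: a hit exactly one hour old.
FAKE_INDEX = {
    "winlogbeat-dc*": {"hits": {"hits": [{"_source": {
        "@timestamp": "2022-12-20T14:30:59.087Z",
        "agent": {"hostname": "dc01"}}}]}},
    "winlogbeat-other*": {"hits": {"hits": [{"_source": {
        "@timestamp": "2022-12-20T15:05:00.000Z",
        "agent": {"hostname": "srv01"}}}]}},
}


def fake_search(index, body):
    return FAKE_INDEX.get(index, {"hits": {"hits": []}})


if __name__ == "__main__":
    at = parse_ts("2022-12-20T15:30:59.087Z")
    for index, result in run_checks(fake_search, CHECKS, now=at).items():
        print(index, result)
```

With the constructed data the dc check reports `stale` (age 3600 s against a 900 s window), the hourly check reports `ok`, and an index pattern with no hits reports `missing`; a real run would pass `es.search` in place of `fake_search` and a fresh `datetime.now(timezone.utc)` as `now`.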