How to use NOW/d in elasticsearch search query

Sridhar · April 2, 2020, 8:36am

Dear all,

I'm trying to get today's data based on the keywords. here in below code, I have hardcoded the timestamp.. but I want to fetch the data for entier today. please help.

GET indicesname/_search
{

   "query": {
       "bool": {
           "must": [
               { "match": { "data.target.sampler": "CPU" }},
               { "match": {"data.row.Hostname.keyword":"HOST456-23"}},
               { "match": {"data.row.CPU": "Average_cpu"}},
               {"range": {"@timestamp": {"gte": "2020-04-02T00:01:30.614Z","lte": "2020-04-02T00:01:37.614Z"}}}
               ]
           }
       }
   }

dadoonet · April 2, 2020, 1:05pm

You can do:

GET indicesname/_search
{

   "query": {
       "bool": {
           "must": [
               { "match": { "data.target.sampler": "CPU" }},
               { "match": {"data.row.Hostname.keyword":"HOST456-23"}},
               { "match": {"data.row.CPU": "Average_cpu"}},
               {"range": {"@timestamp": {"gte": "2020-04-02","lt": "2020-04-03"}}}
               ]
           }
       }
   }

Or use indeed date math as explained here https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html#ranges-on-dates

system · April 30, 2020, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.