Hi Experts,
This is the data between October and December of something.
I want to find data that have accessed by October but never accessed in December.
If I do what I think, the result should show b only. But it did not work well.
so I wrote in search bar like
@timestamp:[* TO 2018-10-31T23:59:59.999Z ] AND NOT @timestamp:[2018-12-01T00:00:00.000Z TO now ]
This is result.
What's the problem?
I don't think this is currently possible as-is. What you could do is write a script to enrich your existing data (perhaps using the re-index API), and add a new field which indicates whether or not the entity was accessed between a specific time range.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
