Kibana SQL - How to do where clause for @timestamp?

kelk · September 23, 2020, 11:44am

hi
I'm able to successfully do the SQL , but if I need to compare to @timestamp it fails as it doesn't like @ symbol

POST _sql?format=txt
{
 "query": """
SELECT * from mytable
WHERE @timestamp < TODAY - INTERVAL 1 DAYS
"""
}

the above works if I put

WHERE event.created < TODAY - INTERVAL 1 DAYS

so something related to @ symbol

ylasri · September 23, 2020, 12:11pm

POST _sql?format=txt
{
  "query": """
SELECT * from "my-events"
WHERE "@timestamp" < TODAY() - INTERVAL 1 DAYS
"""
}

system · October 21, 2020, 12:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Essql timestamp query in canvas Kibana elastic-stack-sql , canvas	3	1152	July 31, 2020
Using @timestamp in a SQL Query Kibana elastic-stack-sql	2	1098	January 9, 2019
Using @timestamp field in SQL queries Elasticsearch	3	5183	October 8, 2018
KQL from @timestamp until 7days offset Kibana kql-kibana-query-language	5	3835	February 16, 2022
Elasticsearch SQL - How to query data only from yesterday Kibana elastic-stack-sql	2	1313	April 7, 2022