hi
I'm able to successfully do the SQL , but if I need to compare to @timestamp it fails as it doesn't like @ symbol
POST _sql?format=txt
{
"query": """
SELECT * from mytable
WHERE @timestamp < TODAY - INTERVAL 1 DAYS
"""
}
the above works if I put
WHERE event.created < TODAY - INTERVAL 1 DAYS
so something related to @ symbol
POST _sql?format=txt
{
"query": """
SELECT * from "my-events"
WHERE "@timestamp" < TODAY() - INTERVAL 1 DAYS
"""
}© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.