Hi all,
I'm trying to use lucene expression to get docs that were indexed in a specific range of hours of each day from discover tab.
I tried this query but it doesn't work
doc['@timestamp'].date.hourOfDay: [21 TO 23]
but I get this error
Failed to parse query [doc['@timestamp'].date.hourOfDay: [21 TO 23]] parse_exception: Encountered " "]" "] "" at line 1, column 16. Was expecting: "TO"
Is there any way to do it with only lucene expression query and not query dsl.
You can't write scripts inline in the lucene query language. You'll need to create a scripted field that represents the hourOfDay. Then you can create a filter on that field. It has to be a filter though, the query bar doesn't currently support scripted fields, but that's changing in 6.3 which is our next version.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.