Lucene expression query in discover tab

madou23 · May 4, 2018, 1:00pm

Hi all,
I'm trying to use lucene expression to get docs that were indexed in a specific range of hours of each day from discover tab.
I tried this query but it doesn't work
doc['@timestamp'].date.hourOfDay: [21 TO 23]
but I get this error
Failed to parse query [doc['@timestamp'].date.hourOfDay: [21 TO 23]] parse_exception: Encountered " "]" "] "" at line 1, column 16. Was expecting: "TO"
Is there any way to do it with only lucene expression query and not query dsl.

Bargs · May 4, 2018, 7:51pm

You can't write scripts inline in the lucene query language. You'll need to create a scripted field that represents the hourOfDay. Then you can create a filter on that field. It has to be a filter though, the query bar doesn't currently support scripted fields, but that's changing in 6.3 which is our next version.

Topic		Replies	Views
How to use Lucene expressions within a query to filter a search by hour Elasticsearch	2	1537	July 5, 2017
Using Lucene Query Syntax Elasticsearch	2	407	October 29, 2018
Scripted field doc['@timestamp'].date.hourOfDay returs nothing Kibana	6	3294	November 19, 2019
Setting hour in KQL or Lucene Kibana	5	664	August 2, 2022
Kibana Scripted Field HourOfDay Kibana painless	4	838	September 19, 2022

Lucene expression query in discover tab

Related topics