Matching Documents by Hour

I have an issue with a dataset that we imported. The source marked the midnight timestamps as 2400 on the previous day. After ingestion, that time has been adjusted to 0000 but the day is still the previous day.

So, I need to find all documents with a timestamp of 00:00 and increment the day by +1.

I'm having trouble getting a query to work. I found an example:


But it appears as though the filter option is no longer valid.

So far, what I have, which seems to run but doesn't produce any results, is:

  POST /western-coop-sub-meters/_search
  {
    "query": {
      "bool": {
        "must": [
          {
            "match": {
              "Substation": "15"
            }
          },
          {
            "match": {
              "time": "00"
            }
          }
        ]
      }
    }
  }

My current @timestamp contains both date and time so I don't have a separate time field. I'm not opposed to creating a scripted field, but it seems like there should be a more eloquent way to tackle this.
