Hi guys, I'm stuck trying to perform some date math inside Logstash. In particular, for a specific event, I have to query Elasticsearch and retrieve all documents that are within a range of 30 minutes of the time written inside a log file.
E.g.: the date of the event is 2018-10-02T03:50:000.000Z and I want to search for documents that are within a range of +/- 30 minutes.
I tried the following inside the elasticsearch filter plugin, without success:
query => "access_time: [%{eventDate}||-30m TO %{eventDate}]"
and this one:
query => "access_time: [%{eventDate}-30m TO %{eventDate}]"
Neither works. Do you know the right syntax?
Thanks in advance!
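As an added example (not part of the original post, and not code from Logstash or Elasticsearch), the following Python builds the +/- 30 minute window as an Elasticsearch range query using anchored date math (`<timestamp>||-30m` / `<timestamp>||+30m`), and resolves the expressions locally so the window bounds can be checked before the query is sent. It assumes the field is called `access_time` and that the event timestamp is an ISO-8601 UTC value with millisecond precision; whether the Logstash elasticsearch filter expands `%{eventDate}` inside a `query_template` file is also an assumption here.

```python
from datetime import datetime, timedelta, timezone
import json
import re

# Constructed sample event timestamp in the same shape as the post's example
# (the post's value has a three-digit seconds field, corrected here to 00).
EVENT_DATE = "2018-10-02T03:50:00.000Z"

# Elasticsearch date math: an absolute anchor, '||', then a signed offset and unit.
DATE_MATH_RE = re.compile(r"^(?P<anchor>.+?)\|\|(?P<sign>[+-])(?P<n>\d+)(?P<unit>[smhd])$")
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def date_math(anchor: str, offset_minutes: int) -> str:
    """Return '<anchor>||-Nm' or '<anchor>||+Nm' for a minute offset."""
    sign = "-" if offset_minutes < 0 else "+"
    return f"{anchor}||{sign}{abs(offset_minutes)}m"


def window_query(field: str, anchor: str, minutes: int) -> dict:
    """Range query DSL covering [anchor - minutes, anchor + minutes].

    The anchor may be a literal timestamp or a Logstash sprintf placeholder
    such as '%{eventDate}' (assumption: the filter expands it at query time),
    so this body can be written to a query_template file as-is.
    """
    return {
        "query": {
            "range": {
                field: {
                    "gte": date_math(anchor, -minutes),
                    "lte": date_math(anchor, +minutes),
                }
            }
        }
    }


def resolve(expr: str) -> datetime:
    """Resolve an anchored date-math expression to an absolute UTC datetime.

    Only the anchor||±N<unit> shape is handled; rounding ('/d') and bare 'now'
    are deliberately not supported here.
    """
    m = DATE_MATH_RE.match(expr)
    if not m:
        raise ValueError(f"unsupported date-math expression: {expr!r}")
    anchor = datetime.strptime(m["anchor"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    delta = timedelta(seconds=int(m["n"]) * UNIT_SECONDS[m["unit"]])
    return anchor - delta if m["sign"] == "-" else anchor + delta


def window_bounds(field: str, anchor: str, minutes: int) -> tuple:
    """Build the query and return its resolved (lower, upper) bounds."""
    rng = window_query(field, anchor, minutes)["query"]["range"][field]
    return resolve(rng["gte"]), resolve(rng["lte"])


if __name__ == "__main__":
    # Template form with the placeholder left for Logstash to interpolate.
    print(json.dumps(window_query("access_time", "%{eventDate}", 30), indent=2))
    # Literal form, resolved locally to confirm the window is what we expect.
    lo, hi = window_bounds("access_time", EVENT_DATE, 30)
    print(lo.isoformat(), "->", hi.isoformat())
```

Writing the `window_query` output with the `%{eventDate}` placeholder to a file and pointing the filter's `query_template` option at it keeps the date-math suffix attached to the interpolated value, which is the part the `query` string form in the post was trying to express.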