Query an Elasticsearch index for one field, all documents in last 24 hours?

Meme-ento · October 5, 2023, 1:57pm

Hi There.

I'm trying to make a simple get request to my elk index.
I have the right credentials, hostname, index name, etc.
my ELK version is 6.8.6

But for what I'm trying to get I cannot figure out how to construct the GET.

I'm only trying to get 1 field. For all documents in the last 24 hour period.

Any advice I would take, or resources on how to actually form these queries to get this index data.

PodarcisMuralis · October 5, 2023, 7:40pm

GET /<index_name>/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-24h",
        "lte": "now"
      }
    }
  },
  "fields": ["<field_name>"]
}

system · November 2, 2023, 7:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search for last 24 hours logs based on field? Elasticsearch	2	4572	April 5, 2020
Help understanding range query with date Elasticsearch	1	302	May 12, 2020
@timestamp range - searching across indices Elasticsearch	5	2303	July 5, 2017
How to get a count by index id Elasticsearch	2	687	August 25, 2017
View Data from specific index over 24hr period Kibana	4	761	December 9, 2021

Query an Elasticsearch index for one field, all documents in last 24 hours?

Related topics