Is it possible to perform a search over a specified 30 minute timeframe over a number of days?
For example, I would like to query the CPU metric from metricbeat between 09:00 and 09:30 for the last 7 days and export this to CSV.
Would I need to do this for each day separately or is this possible via a more complex query?
You could create a scripted field that returns the time of day for each document, and then filter on that field for the time you want.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.