Query the last 5 minutes

tomer · March 26, 2017, 1:48pm

Hi,

I am trying to look for a solution to query the last 5 minutes, depending on what time is it.
That means I dont want to manually enter the time such as:

GET filebeat-*/log/_search
{"query" : {
 "range" : { 
            "msgSubmissionTime" : { "from" : "January 18th 2017, 17:17:56.973", "to" : January 18th "2017, 17:22:56.973" } 
        } 
  }
}

I will like to do something like this:

GET filebeat-*/log/_search
{"query" :
   {
       "range" : { 
            "msgSubmissionTime" : { "from" : "5 minutes ago", "to" : "now" } 
        } 
   }
}

Thanks for any help

tomer · March 26, 2017, 2:13pm

I found this:

https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html

I had to change it a little bit (for some reason with my ES the concept of now/m or now/m)

Here is my curl:

curl -XGET '192.168.1.114:9200/filebeat-*/log/_search?pretty' -H 'Content-Type: application/json' -d'
{
    "query": {
        "range" : {
            "msgSubmissionTime" : {
                "gte" : "now-2m",
                "lt" :  "now"
            }
        }
    }
}

system · April 23, 2017, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.