Search Kibana for Out of Hours Logs

MultiplierMultiplier · December 20, 2017, 1:58pm

Hi All,

I would like to search for logs with the field 'Target'UserName' that are from 19:00:00 until 07:00:00. This would allow me to monitor for out of hours activity for our users. I understand how to find logs with the field 'TargetUserName', I use exists:TargetUserName. I just need help with showing on logs with a TimeStamp from 7pm until 7am. I have tried the below Regex:

TimeStamp:/(\d{4}-\d{2}-\d{2}\s(19|20|21|22|23|01|02|03|04|05|06|1|2|3|4|5|6):\d+:\d+)/

When I run that Regex query I see no logs.

EDIT:
Here is an example of the TimeStamp field so you can see the format:

Dec 20 14:01:00

Any ideas?

Cheers,

George

Nathan_Reese · December 20, 2017, 6:53pm

I would recommend re-indexing your data and adding a new field called minuteOfDay that contains the time of day in minutes (a value between 0 and 1440). Then you can simply query for something like minuteOfDay: [0 TO 420] OR minuteOfDay: [1140 TO 1440]

MultiplierMultiplier · December 20, 2017, 7:22pm

All of my logs are coming from Graylog, how would I go about parsing a single field into another field?

I would need to parse TimeStamp -> HourOfDay.

How would I go about doing this?

Cheers

George

system · January 17, 2018, 7:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timestamp between certain hours any day? Kibana	3	994	July 18, 2020
Rule That Alerts When Logins Are Past a Certain Time Elastic Security	2	481	October 5, 2022
Scripted field HourOfDay() Kibana	8	14370	July 10, 2017
Get data for time range window Kibana	5	7724	January 11, 2017
Scripted field doc['@timestamp'].date.hourOfDay returs nothing Kibana	6	3180	November 19, 2019

Search Kibana for Out of Hours Logs

Related topics