Hello
I have @timestamp field which is in following format
Jul 3, 2022 @ 06:55:55.153
How can I filter logs between 06:00 and 10:00 without mentioning days and months in KQL or Lucene query language.
I suppose you need runtime field or some sripts.
This video may help you.
1 Like
Thanks, However I do not want to use mapping solution in my issue, because in 8.x and later version it is not able to use mapping.
Thanks Tomo for your replies
I have resolved my problem by creating an scripted fields which contain following script.
return LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value.millis),ZoneId.of('Iran')).getHour()
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.