Setting hour in KQL or Lucene

hadi_farzipour · July 3, 2022, 9:23am

Hello
I have @timestamp field which is in following format

Jul 3, 2022 @ 06:55:55.153

How can I filter logs between 06:00 and 10:00 without mentioning days and months in KQL or Lucene query language.

Tomo_M · July 3, 2022, 10:10am

I suppose you need runtime field or some sripts.
This video may help you.

hadi_farzipour · July 4, 2022, 6:00am

Thanks, However I do not want to use mapping solution in my issue, because in 8.x and later version it is not able to use mapping.

Tomo_M · July 4, 2022, 7:47am

Really? You can use runtime mappings also in 8.x.

hadi_farzipour · July 5, 2022, 5:02am

Thanks Tomo for your replies
I have resolved my problem by creating an scripted fields which contain following script.

return LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value.millis),ZoneId.of('Iran')).getHour()

system · August 2, 2022, 5:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Lucene Query Language using now date time Kibana	4	6708	July 27, 2021
How to filter the particular timestamp in KQL field Kibana	2	1842	September 8, 2023
Lucene syntax equivalent for "Today"? Does it exist? Kibana	7	5150	November 20, 2019
What's the Lucene equivalent of KQL query: now/d Kibana	4	296	November 9, 2022
Search a date time field based off another date time field in the same log entry Kibana	2	364	May 30, 2019