Hello
I have @timestamp field which is in following format

Jul 3, 2022 @ 06:55:55.153

How can I filter logs between 06:00 and 10:00 without mentioning days and months in KQL or Lucene query language.

I suppose you need runtime field or some sripts.
This video may help you.

Thanks, However I do not want to use mapping solution in my issue, because in 8.x and later version it is not able to use mapping.

Really? You can use runtime mappings also in 8.x.

Thanks Tomo for your replies
I have resolved my problem by creating an scripted fields which contain following script.

return LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value.millis),ZoneId.of('Iran')).getHour()

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.