Setting hour in KQL or Lucene

hadi_farzipour · July 3, 2022, 9:23am

Hello
I have @timestamp field which is in following format

Jul 3, 2022 @ 06:55:55.153

How can I filter logs between 06:00 and 10:00 without mentioning days and months in KQL or Lucene query language.

Tomo_M · July 3, 2022, 10:10am

I suppose you need runtime field or some sripts.
This video may help you.

hadi_farzipour · July 4, 2022, 6:00am

Thanks, However I do not want to use mapping solution in my issue, because in 8.x and later version it is not able to use mapping.

Tomo_M · July 4, 2022, 7:47am

Really? You can use runtime mappings also in 8.x.

hadi_farzipour · July 5, 2022, 5:02am

Thanks Tomo for your replies
I have resolved my problem by creating an scripted fields which contain following script.

return LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value.millis),ZoneId.of('Iran')).getHour()

Topic		Replies	Views
Scripted field doc['@timestamp'].date.hourOfDay returs nothing Kibana	6	3289	November 19, 2019
Kibana Scripted Field HourOfDay Kibana painless	4	837	September 19, 2022
Extract hour from timestamp in Timelion Kibana timelion	2	972	September 29, 2017
How to filter date field by days and hours separately Kibana	2	353	March 22, 2021
Kibana Filter for a specific time range Kibana	3	34465	November 23, 2017