Subtracting time in elasticsearch query

Mahdy_S · November 29, 2016, 3:41pm

If I want to query event in a "relative" time window, I can do it in elasticsearch if my reference point is the current time "now". So I can say I want to query documents in the last 24 hours by sending the following query:

GET _search
{
	"query" : {
		"range":{
			"@timestamp" : {
				"gte":"now-1d",
				"lt":"now"
			}
		}
	}
}

However, I can't find a way to do this based on a timestamp that I can specify. So what I need is something similar to e.g. {"gte":"2016-11-13T18:35:08.219Z-1d","lt":"2016-11-13T18:35:08.219Z"}. Is there any query format which makes this possible?

nik9000 · November 29, 2016, 7:04pm

It looks like you can replace now with a date string ending in ||. So says the docs. So I expect "gte":"2016-11-13T18:35:08.219Z||-1d","lt":"2016-11-13T18:35:08.219Z"} to work.

Mahdy_S · November 30, 2016, 7:55am

Yes this works. Thanks a lot!

system · December 28, 2016, 7:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query with Date filter Elasticsearch	3	966	February 8, 2018
Current time value in ES? Elasticsearch	3	1173	July 6, 2017
Querying documents for the past 10 minutes is not working Elasticsearch	10	3583	November 7, 2017
Filtering by Range Elasticsearch	5	6712	January 26, 2018
How can i retrieve timebased index from elasticsearch using python script Elasticsearch	11	7544	October 12, 2018

Subtracting time in elasticsearch query

Related topics