Timestamp between now and now-24h

Digital · July 16, 2019, 1:16pm

Hello,

Currently I used a curl to get the data on one index. But now I would like to receive the data between now, now-24h.
However I receive only 10 data when I see the same time rang on Kibana I can see a lot of data xD

So I don't understand...

Here is my query:

 /my_index/_search/ -d '{
"query": {
    "range": {
        "@timestamp": {
          "gte" : "now-24h",
          "lt" :  "now"
        }
      }
},
"_source": ["client_ip", "@timestamp", "responseStatus"]

}

Can you help me on this part?

Why I use now on the timerange? Because I would like to execute this curl everyday .

Thank you

Digital · July 17, 2019, 8:47am

Hello,

I need someone to help me to understang the query with kibana.

Best regards

Digital · July 18, 2019, 7:44am

We can't help me ?

Christian_Dahlqvist · July 18, 2019, 11:08am

You need to specify the size you want returned. The default is 10.

Digital · July 18, 2019, 11:55am

Han ok.

But I don't know exactly how many I can receive the data
Sometimes I can receive 50 or 300 datas

it is not possible ?

Christian_Dahlqvist · July 18, 2019, 12:03pm

Then set size a bit higher.

Digital · July 18, 2019, 1:00pm

Ok Thanks you I can understand.
However, If I would like to have the for the last 24h. Is my query is correct?

Because I don't have receive the date present in my discover

Because every 30min I can receive 55 000 data and with the size I can use 10000 max. I'm really stuck on that.

Christian_Dahlqvist · July 19, 2019, 5:17am

If you need to retrieve over 10000 documents, you should use a scroll query.

system · August 16, 2019, 5:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.