oalimerko
(Oltion Alimerko)
November 16, 2022, 10:31am
Dear all,
I have the query below for monitoring the logs of my application in case any issue with the database connection occurs in the last 6 min:
GET _search
{
  "query": {
    "query_string": {
      "query": "message:\"com.microsoft.sqlserver.jdbc.SQLServerException\" AND @timestamp:(>=now-6m AND <now)"
    }
  },
  "aggs": {
    "application": {
      "terms": {
        "field": "kubernetes.labels.app.keyword"
      }
    }
  }
}
My question is: how can I define the timestamp like this?
@timestamp : (between 2022-11-16T10:00:00 and 2022-11-16T10:05:00)
The idea is to get some error for a particular timestamp and not for the last 6 min.
Hi Oltion,
I assume you want to query for logs with timestamps between two dates? Have a look at the range query with date support. These examples should help:
Example range query on dates
Example range query with timezone
oalimerko
(Oltion Alimerko)
November 17, 2022, 10:33am
Hi,
I have some issue when I combine query_string with range.
Here is my query:
GET _search
{
  "query": {
    "query_string": {
      "query": "message:\"com.microsoft.sqlserver.jdbc.SQLServerException\""
    }
  },
  "range": {
    "timestamp": {
      "time_zone": "+01:00",
      "gte": "2022-11-11T11:00:00",
      "lte": "now"
    }
  }
}
But I get the error:
{
  "error" : {
    "root_cause" : [
      {
        "type" : "parsing_exception",
        "reason" : "Unknown key for a START_OBJECT in [range].",
        "line" : 7,
        "col" : 14
      }
    ],
    "type" : "parsing_exception",
    "reason" : "Unknown key for a START_OBJECT in [range].",
    "line" : 7,
    "col" : 14
  },
  "status" : 400
}
oalimerko
(Oltion Alimerko)
November 17, 2022, 11:39am
Hi again,
As per the docs, I found this solution, wrapping the timestamp with square brackets:
GET _search
{
  "query": {
    "query_string": {
      "query": "message:\"com.microsoft.sqlserver.jdbc.SQLServerException\" AND @timestamp:[2022-11-17T01:00+01:00 TO 2022-11-17T01:30+01:00]"
    }
  },
  "aggs": {
    "application": {
      "terms": {
        "field": "kubernetes.labels.app.keyword"
      }
    }
  }
}
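Added example, not part of the original thread: the `parsing_exception` above is raised because `range` sits next to `query` at the top level of the request body. A range clause is a query clause, so it has to live inside `query`; the sketch below combines the thread's `query_string` with a `range` filter in a `bool` query for a fixed time window. The function name `build_window_query` is hypothetical, and the field names are the ones used in the thread.

```python
import json
from datetime import datetime

def build_window_query(phrase, start, end, time_zone="+01:00",
                       ts_field="@timestamp",
                       agg_field="kubernetes.labels.app.keyword"):
    """Return a _search body matching `phrase` in `message` within [start, end)."""
    # Parse the bounds so a malformed or inverted window fails here,
    # not as a 400 from the cluster.
    t0 = datetime.fromisoformat(start)
    t1 = datetime.fromisoformat(end)
    if t0.tzinfo is not None or t1.tzinfo is not None:
        raise ValueError("pass local times without an offset; time_zone supplies it")
    if t0 >= t1:
        raise ValueError("start must be earlier than end")
    # Escape backslashes and quotes so the phrase stays one quoted term
    # inside the query_string syntax.
    quoted = phrase.replace("\\", "\\\\").replace('"', '\\"')
    return {
        "query": {
            "bool": {
                # Text match, same query_string as in the thread.
                "must": [{"query_string": {"query": f'message:"{quoted}"'}}],
                # The range clause is nested under "query" as a bool filter,
                # not placed beside "query" at the top level.
                "filter": [{"range": {ts_field: {
                    "gte": t0.isoformat(timespec="seconds"),
                    "lt": t1.isoformat(timespec="seconds"),
                    "time_zone": time_zone,
                }}}],
            }
        },
        "aggs": {"application": {"terms": {"field": agg_field}}},
    }

if __name__ == "__main__":
    # Window taken from the first post in the thread.
    body = build_window_query("com.microsoft.sqlserver.jdbc.SQLServerException",
                              "2022-11-16T10:00:00", "2022-11-16T10:05:00")
    print("GET _search")
    print(json.dumps(body, indent=2))
```

Running the script prints a request that can be pasted into the Kibana console; `time_zone` is applied to the two bounds because they carry no offset of their own.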