Hello.
I'm trying to search for a pattern with a specific timestamp but only get empty results. What would be the right searchstring for doing something like this?
ssh AND timestamp:[2016-05-01 TO 2016-05-02]
thanks and best regards
t.
1 Like
I think you need double quotes around your dates.
@timestamp:["2016-04-29" TO "2016-04-30"] worked for me on some sample data.
Scratch my previous comment, I tried it without double quotes and my example query still worked. Are you sure the range you're searching for in your query and the time range selected via the time picker (top right corner of the page) don't conflict?
That was the missing hint. I thought the time range via time picker is not related when i search the timestamp. Thank you.
cheers
t.