Unable to filter older indices

pbmamatha · September 19, 2023, 12:16pm

Hello,

I am tasked to create an alert for indices older than 3 days, however, the filter query is not working. Could you please help me identify the issue.

Have tried the below queries:


1. GET /_search
{
    "query": {
        "bool": {
            "filter": [
                {
                    "range": {
                        "@timestamp": {
                            "lt": "now-3d"
                            //"l": "now"
                        }
                    }
                }
            ]
        }
    }
 
}

2. GET /_cat/indices?v&filter_path=creation.date:<now-3d&h=uuid,creation.date.string&s=creation.date:desc

3. GET _cat/indices?v&s=index&h=uuid,creation.date | awk '$2 < "now-3d" {print $1}'

Please help!

system · October 17, 2023, 12:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.