Hey there,
I want to get the entities that showed up in the last 24h and suppress all those that had appeared earlier. The query looks like:

    {
      "aggs": {
        "entity": {
          "terms": { "field": "name" },
          "aggs": {
            "first_seen": {
              "min": { "field": "@timestamp" }
            },
            "time_filter": {
              "bucket_selector": {
                "buckets_path": "first_seen",
                "script": "params.first_seen > now -1d"
              }
            }
          }
        }
      }
    }
But I don't know how to include the current date in the script. I tried to pass it as an additional parameter to the script, however, without success.
Thanks in advance!
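
One way to build the first-seen query described in the post, as an added example that is not part of the original post: the cutoff is computed client-side in epoch milliseconds and passed to the `bucket_selector` script as a parameter, alongside the object form of `buckets_path`. The function names, the `max_entities` default and the use of the `source` script key (recent Elasticsearch versions) are assumptions.

```python
import json
import time

DAY_MS = 24 * 60 * 60 * 1000

def build_first_seen_query(now_ms, window_ms=DAY_MS, field="name", max_entities=1000):
    """Terms + min + bucket_selector query keeping entities first seen inside the window."""
    cutoff_ms = now_ms - window_ms  # computed client-side, sent as a script param
    return {
        "size": 0,  # only aggregations are needed, no hits
        # No time-range query here: min(@timestamp) must see the full history,
        # otherwise every entity active in the window would look new.
        "aggs": {
            "entity": {
                # bucket_selector only sees buckets the terms agg returned, so
                # max_entities (hypothetical default) must cover the entities of interest.
                "terms": {"field": field, "size": max_entities},
                "aggs": {
                    "first_seen": {"min": {"field": "@timestamp"}},
                    "time_filter": {
                        "bucket_selector": {
                            # Object form binds the metric to params.first_seen.
                            "buckets_path": {"first_seen": "first_seen"},
                            "script": {
                                # min on a date field yields epoch milliseconds.
                                "source": "params.first_seen > params.cutoff",
                                "params": {"cutoff": cutoff_ms},
                            },
                        }
                    },
                },
            }
        },
    }

def new_entities(response):
    """Return {entity: first_seen_epoch_ms} from the aggregation response."""
    buckets = response["aggregations"]["entity"]["buckets"]
    return {b["key"]: int(b["first_seen"]["value"]) for b in buckets}

if __name__ == "__main__":
    print(json.dumps(build_first_seen_query(int(time.time() * 1000)), indent=2))
```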