Hi team,
Can someone suggest; since I am using below with my search API, will it search the IP addresses starting from now - 24 hrs yesterday or will it take last 24 horus?
I need search IP addresses starting from now till - 24 hours. For example
Starting from today 15.00 till yesterday 15.00
{
"range": {
"@timestamp": {
"gte": "now-1d/d",
"lte": "now"
If you want to figure out what this date actually got converted to, check out this example:
DELETE test
PUT test/_doc/1
{"@timestamp":"2020-03-19T10:10:10Z"}
PUT test/_doc/2
{"@timestamp":"2020-03-20T10:10:10Z"}
PUT test/_doc/3
{"@timestamp":"2020-02-20T10:10:10Z"}
GET test/_mapping
GET test/_search
{
"query": {
"range": {
"@timestamp": {
"gte": "now-1d"
}
}
}
}
GET test/_validate/query?rewrite=true
{
"query": {
"range": {
"@timestamp": {
"gte": "now-1d"
}
}
}
}
That should help you to understand the rounding logic and play around with it.
I am sorry but I really did not get it. Well my query was pretty simple how and what should be used to Search API so that I can fetch the result starting from now till minus 24 hours.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.