2

Can I make a range query on default timestamp field ignoring date values i.e. using only time in timestamp - say 2 hours of each day?

My intentions are to search for all the documents but exclude the documents indexed between 9 PM and 12 AM (I have seen example with date ranges in filtering).

timestamp example stands following:

"@timestamp": [
                  "2015-12-21T15:18:17.120Z"
               ]

Elasticsearch version: 1.5.2

Improve this question

1 Answer 1

Reset to default
1

My first idea would be to use the date math in Elasticsearch query, e.g. if you run your query at 1PM, this would work:

{
  "query": {
      "range" : {
            "@timestamp" : {
                "gte": "now-16h/h", 
                "lte": "now-1h/h"

            }
        }
  }
}

(watch out for the timezone though).

As far as I know, the only other possibility would be to use scripting.

Please note also that you are running a very old version of Elasticsearch.

Edit If you need simply absolute date, then check how your @timestamp field look, and use the same format, for instance on my Elasticsearch, it would be:

{
  "query": {
      "range" : {
            "@timestamp" : {
                "gte": "2015-03-20T01:21:00.01Z", 
                "lte": "2015-03-21T01:12:00.04Z"

            }
        }
  }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

intentionally, I wrote a date with year 2015 (its not like I am querying every day, I can query for a year old data)
Basically you just need to be careful as how are formatted your date, then you can simply use the same formatting with a range querw, see my edited version

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.