这是我的查询
{
"filter": {
"bool": {
"must": [{
"range": {
"timestamp": {
"gte": "now-24"
}
}
}, {
"term": {
"program": "dashboard"
}
}]
}
}
}
elasticsearch中的数据样本:
{
"_index": "logstash-2015.09.14",
"_type": "logs",
"_id": "AU_MPG6xoSXeyoJeeaQ1",
"_score": 1,
"_source": {
"message": "testing for clustering--473983--https://github.com/mobz/elasticsearch-headThis will automatically download the latest version of elasticsearch-head from github and run it as ugin within the elasticsearch cluster.",
"@version": "1",
"@timestamp": "2015-09-14T14:23:16.000Z",
"host": "172.17.42.1",
"priority": 13,
"timestamp": "Sep 14 14:23:16",
"logsource": "cn1",
"program": "ubuntu",
"severity": 5,
"facility": 1,
"facility_label": "user-level",
"severity_label": "Notice",
"event_time": "2015-09-14 14:23:16 UTC"
}
}
我如何通过`
来自和迄今
in this query if timestamp in"时间戳":" 9月14日06:19:10"`这种格式请有人帮帮我。
答案 0 :(得分:0)
您可以使用:
{
"query": {
"bool": {
"must": [
{
"term": {
"program": "dashboard"
}
},
{
"range": {
"@timestamp": {
"from": "2015-09-14T20:56:52.404Z",
"to": "2015-09-14T20:57:02.686Z"
}
}
}
]
}
}
}
此致 阿兰
答案 1 :(得分:0)
如果要在event_time字段上进行过滤,请尝试以下操作:
{
"query": {
"bool": {
"must": [
{
"term": {
"program": "dashboard"
}
},
{
"range": {
"logs.event_time": {
"from": "2015-09-13",
"to": "2015-09-14"
}
}
}
]
}
}
}
此致 阿兰