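Recently I have been using timestamp-based queries to fetch data from my ELK stack and avoid duplicates. Now I want to fetch the information between two specific timestamps.
This is my current query: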
{
  "query": {
    "range": {
      "runtime_timestamp": {
        "gt": "2017-03-18T22:00:55.964Z"
      }
    }
  },
  "_source": {
    "includes": [
      "field1",
      "field2"
    ]
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}
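I looked at the documentation, but I can't seem to find a way to do it. Any ideas?
Answer 0 (score: 2)
You can add "lt" or "lte" to your existing range query, as described here: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html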
{
  "query": {
    "range": {
      "runtime_timestamp": {
        "gt": "2017-03-18T22:00:00.000Z",
        "lt": "2017-03-18T22:10:00.000Z"
      }
    }
  },
  "_source": {
    "includes": [
      "field1",
      "field2"
    ]
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}
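Added example, not part of the original question or answer: when consecutive time windows are polled and every event must be returned exactly once (log collection, alert pipelines), half-open bounds (`gte` on the start, `lt` on the end) keep a document stamped exactly on a boundary in one window only. The helper names, the 10-minute step and the sample timestamps are assumptions constructed for illustration; `matches` is a local stand-in for the range comparison, not an Elasticsearch call.

```python
from datetime import datetime, timedelta, timezone

FIELD = "runtime_timestamp"  # field name from the question


def iso(ts):
    """UTC timestamp with millisecond precision, as in the queries above."""
    ts = ts.astimezone(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def window_query(start, end, fields=("field1", "field2")):
    """Search body for the half-open window [start, end)."""
    if end <= start:
        raise ValueError("end must be after start")
    return {
        "query": {"range": {FIELD: {"gte": iso(start), "lt": iso(end)}}},
        "_source": {"includes": list(fields)},
        "sort": [{"@timestamp": {"order": "desc"}}],
    }


def windows(start, end, step):
    """Yield consecutive half-open windows that cover [start, end)."""
    while start < end:
        nxt = min(start + step, end)
        yield start, nxt
        start = nxt


OPS = {"gt": lambda a, b: a > b, "gte": lambda a, b: a >= b,
       "lt": lambda a, b: a < b, "lte": lambda a, b: a <= b}


def matches(body, doc_ts):
    """Local stand-in for the range comparison, used only to check coverage.
    Same-format ISO-8601 UTC strings compare correctly as plain strings."""
    bounds = body["query"]["range"][FIELD]
    return all(OPS[op](doc_ts, value) for op, value in bounds.items())


def hit_counts(bodies, doc_timestamps):
    """How many of the window queries return each document."""
    return [sum(matches(b, ts) for b in bodies) for ts in doc_timestamps]


# Constructed sample: three documents, one exactly on a window boundary.
DOCS = ["2017-03-18T22:00:55.964Z", "2017-03-18T22:10:00.000Z", "2017-03-18T22:29:59.999Z"]
T0 = datetime(2017, 3, 18, 22, 0, tzinfo=timezone.utc)
BODIES = [window_query(a, b) for a, b in windows(T0, T0 + timedelta(minutes=30), timedelta(minutes=10))]
```

With `gt` and `lt` on every window instead, the document stamped exactly at 22:10:00.000Z would fall in none of the windows; with `gte` and `lte` it would be returned twice.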