Elasticsearch time-range query and data Elasticsearch time-range query and data elasticsearch elasticsearch

Elasticsearch time-range query and data


elasticsearch kibana-6

This query will return the documents from last 1 hr:

{   "query": {     "range": {       "@timestamp": {         "gte": "now-1h",         "lt": "now"       }     }   } }

This query will return the documents where tag is blocked and is from last 1hr:

{  "query": {    "bool": {      "must": [        {          "match": {            "tags": "blocked"          }        },        {          "range": {            "@timestamp": {              "gte": "now-1h",              "lte": "now"            }          }        }      ]    }  }}

You can limit the data to be returned using _source.

This query will only return the ipv4address:

{  "_source": "ipv4address",   "query": {    "bool": {      "must": [        {          "match": {            "tags": "blocked"          }        },        {          "range": {            "@timestamp": {              "gte": "now-1h",              "lte": "now"            }          }        }      ]    }  }}

If you want to apply more queries have a look at this.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last