I want to create an alert with an extraction query. The query should fetch the last 10 seconds of data and find the matching phrase.
I have tried the query below for getting the matching phrase, but it searches all the logs that are present. I want this phrase to be searched only in the last 10 seconds of logs. In Kibana I have tried this and it works fine because there are options to set the time; here in OpenSearch I did not find such options.
{
  "query": {
    "match_phrase": {
      "log": {
        "query": "happy world",
        "slop": 3,
        "analyzer": "standard",
        "zero_terms_query": "none"
      }
    }
  }
}
Try using the now() function as part of a range query on the timestamp column.
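As an added example (not part of the original question or answer), this is the shape the extraction query takes once the phrase match is combined with a time-window filter. The original match_phrase clause is kept unchanged and moved under a bool query; the range clause uses OpenSearch date math ("now-10s" to "now") on the timestamp field. The field name "@timestamp" is an assumption (use whatever your index maps the event time to), and "size": 0 is added because an alert only needs the hit count, not the documents themselves.

```json
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match_phrase": {
            "log": {
              "query": "happy world",
              "slop": 3,
              "analyzer": "standard",
              "zero_terms_query": "none"
            }
          }
        }
      ],
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "now-10s",
              "lte": "now"
            }
          }
        }
      ]
    }
  }
}
```

Putting the range in filter rather than must keeps it out of scoring and lets the date range be cached. One check worth doing: the window ("now-10s") must be at least as long as the monitor's schedule interval, otherwise events that land between two runs are never seen by the trigger condition; if the monitor runs every minute, a 10-second window silently misses most matches.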