The purpose of my filter in Kibana is to get events which happened today (relative data) from 7 am until 6 pm (an event at 4 am would be thus omitted).
The only field I can query for the date is the timestamp. I has to be grater that today at 7 am and smaller than today at 6pm.
Something like :
{
"range": {
"@timestamp": {
"gte": "2023-07-14T09:01:24.075+02:00",
"lt": "now"
}
}
}
Something which won't work because it depends on the now timestamp :
{
"range": {
"@timestamp": {
"gte": "now-10h",
"lt": "now"
}
}
}
Maybe something like now-1d/d+18h ?!
The manual says something like :
Assuming now is 2001-01-01 12:00:00, some examples are:
now+1h - now in milliseconds plus one hour. Resolves to: 2001-01-01 13:00:00
now-1h - now in milliseconds minus one hour. Resolves to: 2001-01-01 11:00:00
now-1h/d - now in milliseconds minus one hour, rounded down to UTC 00:00. Resolves to: 2001-01-01 00:00:00
2001.02.01\|\|+1M/d - 2001-02-01 in milliseconds plus one month. Resolves to: 2001-03-01 00:00:00
Any ideas ?
You're right that now changes one every request to match the current time, but you can anchor it to the current day using /d and then adding hours as you see fit.
If now is 2023-07-17T10:12:23.456Z, then now/d is constant during the day 2023-07-17T00:00:00.000Z. You can then add 7hours, like this: now/d+7h which would also be constant 2023-07-17T07:00:00.000Z. You just need to make sure that it works the way you like depending on your time zone.
Sample query to select documents between 7am and 6pm today:
{
"query": {
"range": {
"@timestamp": {
"gte": "now/d+7h",
"lte": "now/d+18h"
}
}
}
}