How to do a time range search in Kibana

Question

We are using the ELK for log aggregation. Is it possible to search for events that occured during a particular time range. Lets say I want to see all exceptions that occurred between 10am and 11am in last month.

Is it possible to extract the time part from @timestamp and do a range search on that somehow (similiar to date() in SQL)?

Is Kibana's time range selector near the top-right corner what you're looking for? — Magnus Bäck, May 25 '15 at 06:24
@MagnusBäck hi no I meant I would like to search for all events that occurred between say 10 and 11 am on all day during last month. So I am looking for an "additional" time range filter/query param to add on top of the range selector. any idea? — markus, May 26 '15 at 05:50
Oh, I see. I believe that's possible with a scripted field. I've seen examples of it (possibly in Elastic's blog) but I don't recall the details. — Magnus Bäck, May 26 '15 at 06:09
Can't you just do this? { "query": { "range": { "@timestamp": { "gte": 1478511000000, "lte": 1478514600000 } } } } — Jean-François Beauchef, Nov 16 '16 at 14:28
@Jean-FrançoisBeauchef no I meant to search for all events that occurred between 10 and 11 am irespective of which day the event occurred. E.g. Event 1 on May 1st 10:17, Event 2 on May 3rd 10:23, Event 3 on May 7th 10;11 and so on... — markus, Nov 16 '16 at 17:17

score 6 · Accepted Answer · answered May 27 '15 at 07:49

Thanks to Magnus who pointed me to looking at scripted fields. Take a look at: https://www.elastic.co/blog/kibana-4-beta-3-now-more-filtery

or

https://www.elastic.co/guide/en/elasticsearch/reference/1.3/search-request-script-fields.html

Unfortunately you can not use these scripted fields in queries but only in visualisations.

So I resorted to a workaround and use logstashs drop filter to remove the events I don't want to show up in Kibana in the first-place. That is not perfect for obvious reasons but it does the job.

How to do a time range search in Kibana

1 Answers1

Linked