pandaadb
commented
7 years ago The approach I outlines works perfectly well and fast. Closing this
Closed pandaadb closed 7 years ago
pandaadb
commented
7 years ago The approach I outlines works perfectly well and fast. Closing this
taraslayshchuk
commented
7 years ago '{"query":{"range":{"@timestamp":{"gte":"2016-08-10T00:00:00.000Z","lt":"2016-08-10T00:00:00.000Z"}}}}' should work fine in raw query mode(-r).
logstash-* if you specify this in -i arg it will query all indexes matching this mask. You can select any other mask like: logstash-2016-08-*, logstash-2015-* or logstash-2016-08-1*. It will query only indexes matching to selected mask.
You can query really ALL indexes with -i '_all'
Documentation: index – A comma-separated list of index names to search; use _all or empty string to perform the operation on all indices
Hi,
this is not really a problem (unless it is :) ) but I wonder how to do range queries.
In the past - and i think that's what kibana does - I expanded my indexes to the specific dates. This option does exist here manually, however I wonder if that is necessary?
This query for example works for me as well:
'{"query":{"range":{"@timestamp":{"gte":"2016-08-10T00:00:00.000Z","lt":"2016-08-10T00:00:00.000Z"}}}}'Is this the intended way to query for ranges? And/or does that still query ALL indexes when I specify:
logstash-*Essentially what I am trying to work out is if I need to expand my indexes and then apply these to your script?
Kind regards and thank you for this cool script!
Artur