如何在基巴纳做一个时间范围的搜索 [英] How to do a time range search in Kibana

问题描述

我们正在使用ELK进行日志聚合。可以搜索在特定时间范围内发生的事件。假设我想看看上个月10点到11点发生的所有例外情况。

是否可以从@timestamp中提取时间部分，并在感谢Magnus，他指着我看脚本的领域。看看：
https://www.elastic.co / blog / kibana-4-beta-3-now-more-filtery

或

https://www.elastic.co/guide/en /elasticsearch/reference/1.3/search-request-script-fields.html

不幸的是，您无法在查询中使用这些脚本字段，而只能在可视化中使用。

所以我采取了一种解决方法，并使用logstashs drop filter来删除我不想在Kibana中首先出现的事件。这不是完美的，因为明显的原因，但它做的工作。

We are using the ELK for log aggregation. Is it possible to search for events that occured during a particular time range. Lets say I want to see all exceptions that occurred between 10am and 11am in last month.

Is it possible to extract the time part from @timestamp and do a range search on that somehow (similiar to date() in SQL)?

解决方案

Thanks to Magnus who pointed me to looking at scripted fields. Take a look at: https://www.elastic.co/blog/kibana-4-beta-3-now-more-filtery

or

https://www.elastic.co/guide/en/elasticsearch/reference/1.3/search-request-script-fields.html

Unfortunately you can not use these scripted fields in queries but only in visualisations.

So I resorted to a workaround and use logstashs drop filter to remove the events I don't want to show up in Kibana in the first-place. That is not perfect for obvious reasons but it does the job.

这篇关于如何在基巴纳做一个时间范围的搜索的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！