How to generate message counts based on a datetime field other than the timestamp field

For a log describing a procedure, there will be a start time and an end time.
Can we generate message count charts per start time field and per end time field, other than the timestamp field, which is the log input time?

If the timestamps are saved as date fields in Elasticsearch, you can query them like date fields.

As described here: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html#ranges-on-dates

Can this be done in the Graylog GUI?

Your query in Graylog would look like:

gl2_input_time:[2018-03-07T15:02:20 TO 2018-03-07T15:02:25]

where the selected range must be present in the date picker for the query.
