Look for a timeframe inside a timeframe


I am looking for a way to get logs from a specific hour on every day of a week.
That is, after selecting the week in the Absolute time frame, I wanted to get all the logs that happened between 4h and 5h on all days, so I tried the following query:

timestamp:" 04:*"

But I didn’t get any result.

Is it possible?

From what I found 2 years ago, it was not possible. If that is still the case, does anyone know whether there are any plans to implement it?


Try something like this:

timestamp:["now/d+4h" TO "now/d+5h"] OR timestamp:["now-1d/d+4h" TO "now-1d/d+5h"] OR timestamp:["now-2d/d+4h" TO "now-2d/d+5h"] OR timestamp:["now-3d/d+4h" TO "now-3d/d+5h"]

Results: today from 4:00 to 5:00 (UTC), the day before, and so on

If this is something you want to do regularly, then just extract the hour from the timestamp into its own field (ts_hour?) as part of your normal ingest and then search on that field for a week.
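As an added example (not code from this thread), the per-day date-math clauses above generalized to any number of days, alongside the ts_hour approach emulated as a filter; the field name timestamp and the ts_hour name come from the thread, the log lines are constructed:

```python
from datetime import datetime, timezone

# Constructed sample messages in Graylog's default ISO-8601 UTC timestamp format.
SAMPLE_LOGS = [
    ("2024-03-10T03:59:59.999Z", "cron: nightly backup finished"),
    ("2024-03-10T04:12:07.000Z", "sshd: accepted publickey for deploy"),
    ("2024-03-11T04:58:30.000Z", "sudo: deploy ran /usr/bin/systemctl restart app"),
    ("2024-03-11T05:00:00.000Z", "sshd: session closed for deploy"),
]


def hour_window_query(start_hour, end_hour, days, field="timestamp"):
    """Build one Lucene range clause per day using Elasticsearch date math.

    "now-Nd/d" goes back N days and rounds DOWN to midnight (UTC), so the
    rounding must precede the "+Nh" offset. Lucene's [a TO b] is inclusive
    on both ends, so exactly 05:00:00.000 is matched; use "TO ...}" for an
    exclusive upper bound if that matters.
    """
    clauses = []
    for d in range(days):
        day = "now/d" if d == 0 else f"now-{d}d/d"
        clauses.append(f'{field}:["{day}+{start_hour}h" TO "{day}+{end_hour}h"]')
    return " OR ".join(clauses)


def ts_hour(ts_string):
    """Emulate a ts_hour field extracted at ingest: the UTC hour of the timestamp."""
    ts = datetime.strptime(ts_string, "%Y-%m-%dT%H:%M:%S.%fZ")
    return ts.replace(tzinfo=timezone.utc).hour


def messages_in_hour(logs, start_hour, end_hour):
    """Return messages whose ts_hour lies in [start_hour, end_hour), on any day.

    Half-open interval: 05:00:00.000 belongs to hour 5, unlike the inclusive
    date-math range above, which is why an extracted hour field is cleaner.
    """
    return [msg for ts, msg in logs if start_hour <= ts_hour(ts) < end_hour]


if __name__ == "__main__":
    print(hour_window_query(4, 5, 7))
    print(messages_in_hour(SAMPLE_LOGS, 4, 5))
```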

I think that having the feature of querying over the timestamp field would be a nice feature for Graylog.

In the meantime, as this is for something one-off, the answer from @shoothub works for me.

Thanks to all for your answers.
