Search logs between timeframe

Hello. We are trying to run a query that finds logs between 21.00-6.00 (next morning). Is that possible?

Thank you

That’s the whole purpose of the time frame selector above the search field.
http://docs.graylog.org/en/2.4/pages/queries.html#time-frame-selector

Thanks for the quick reply. Actually I want the Time frame selector for a specific timeframe every day. I don't want to restrain logs based on a specific date. Just time. And get alerted when a query matches between the aforementioned timeframe.

Regards

Ah, okay. Got you.

Unfortunately querying specific components of the message “timestamp” field is currently not possible with the query language used by Graylog.

As a workaround, you could split the time component of a message timestamp into individual fields using a pipeline rule and query these individual fields.
http://docs.graylog.org/en/2.4/pages/pipelines.html

Example:

When having these individual fields, you could build a query like the following one:

ts_hour:(>=21 OR <=6)

http://docs.graylog.org/en/2.4/pages/queries.html#search-query-language

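The hour-field workaround above in runnable form, as an added example that is not part of the original posts or Graylog's own code: a window that crosses midnight needs OR between its two hour bounds, and the hour has to be taken in the intended time zone. The function names, the fixed UTC+2 offset, the exclusive 06:00 end and the sample events are assumptions constructed for illustration; `ts_hour` is the field name used in the query above.

```python
from datetime import datetime, timedelta, timezone


def hour_query(start_hour, end_hour, field="ts_hour"):
    """Build a query on an integer hour field for the window [start, end)."""
    for h in (start_hour, end_hour):
        if not 0 <= h <= 23:
            raise ValueError("hour must be in 0..23")
    if start_hour == end_hour:
        raise ValueError("empty or ambiguous window")
    # A window inside one day is an intersection (AND); a window that wraps
    # past midnight is the union of "late evening" and "early morning" (OR).
    op = "AND" if start_hour < end_hour else "OR"
    return f"{field}:(>={start_hour} {op} <{end_hour})"


def in_window(ts_utc, start_hour, end_hour, utc_offset_hours=0):
    """True if a UTC timestamp falls in [start, end) at the given offset."""
    # Fixed offset only: daylight-saving changes are not modelled here.
    local = ts_utc.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    if start_hour < end_hour:
        return start_hour <= local.hour < end_hour
    return local.hour >= start_hour or local.hour < end_hour


# Constructed sample events (timestamps in UTC, as a log server stores them).
EVENTS = [
    ("2018-03-01T19:30:00Z", "admin login"),      # 21:30 at UTC+2
    ("2018-03-01T22:10:00Z", "sudo session"),     # 00:10 next day at UTC+2
    ("2018-03-02T03:59:59Z", "ssh key added"),    # 05:59:59 at UTC+2
    ("2018-03-02T04:00:00Z", "backup finished"),  # 06:00 at UTC+2, outside
    ("2018-03-02T12:00:00Z", "user login"),       # 14:00 at UTC+2, outside
]


def off_hours(events, start_hour, end_hour, utc_offset_hours=0):
    """Return the messages whose timestamp lies inside the nightly window."""
    hits = []
    for raw, message in events:
        ts = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ")
        ts = ts.replace(tzinfo=timezone.utc)
        if in_window(ts, start_hour, end_hour, utc_offset_hours):
            hits.append(message)
    return hits


if __name__ == "__main__":
    print(hour_query(21, 6))
    print(off_hours(EVENTS, 21, 6, utc_offset_hours=2))
```

If the hour field is derived from the stored UTC timestamp without a time zone conversion, the same query selects a shifted window, which the `utc_offset_hours=0` case makes visible.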
