Hi, I need to check the result of an Elasticsearch query. The query needs to vary depending on time, so is there any macro I can use to replace the "gte" and "lte" values in the request body? I can create a template or LLD macro that uses an external script to source the data, but I wonder whether there is a built-in function or macro I can use instead. In the example below the two hard-coded epoch-millisecond values are exactly 21,600,000 ms (six hours) apart, so what I really want is a rolling "last six hours" window.
Thanks in advance.
Pablo
e.g.:
{
"aggs": {
"2": {
"terms": {
"field": "FirewallMatchesActions.keyword",
"size": 5,
"order": {
"_count": "desc"
},
"missing": "__missing__"
}
}
},
"size": 0,
"_source": {
"excludes": []
},
"stored_fields": [
"*"
],
"script_fields": {},
"docvalue_fields": [
{
"field": "@timestamp",
"format": "date_time"
}
],
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1596748637221,
"lte": 1596770237221,
"format": "epoch_millis"
}
}
}
],
"filter": [
{
"match_all": {}
},
{
"match_all": {}
}
],
"should": [],
"must_not": []
}
}
}
Thanks in advance.
Pablo
e.g.:
{
"aggs": {
"2": {
"terms": {
"field": "FirewallMatchesActions.keyword",
"size": 5,
"order": {
"_count": "desc"
},
"missing": "__missing__"
}
}
},
"size": 0,
"_source": {
"excludes": []
},
"stored_fields": [
"*"
],
"script_fields": {},
"docvalue_fields": [
{
"field": "@timestamp",
"format": "date_time"
}
],
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1596748637221,
"lte": 1596770237221,
"format": "epoch_millis"
}
}
}
],
"filter": [
{
"match_all": {}
},
{
"match_all": {}
}
],
"should": [],
"must_not": []
}
}
}