Configuring Time Range Query Filters

[ryanb]

Hello,

I am setting up a dashboard and would like to specify a query filter to narrow down the time (i.e. something like "from: now -3d to: now"). Because I want the end time to be "now", I cannot do this by clicking and dragging on the histogram. It seems the only way to add a custom filter is as a custom query string. I have looked at the documentation for elastic search, but am having trouble crafting such a range filter. Can you give me a few examples?

Thanks,
Ryan

[jolson]

No problem - the range can be specified in the upper-right corner of the web GUI:

2015-09-21 13_16_16-Dashboard • Nagios Log Server - Firefox Developer Edition.png

It sounds like you'll need to use the 'custom' range to specify the filter. Once the proper filter is in place, feel free to press the 'Save' button to save your current dashboard.

[weveland]

Using Lucene query language I've used.

@timestamp:[ now-3d TO now ]

However I think what would better suit your purpose is to change the dashboard time selector.

Click the gear first, then add the value you want to the time selector or auto-refresh. Then hit save.

time selector.png

Just select the new 3d option from the dropdown and save the dashboard.

Wham bam Thank you ma'am..

--
Wayne

[jolson]

Good stuff weveland, thank you.

[weveland]

Hey. You helped me out this morning. Least I could do

[ryanb]

Thank you, jolson and weveland. These answers were both helpful.

I am all set, so Support, please feel free to close out the thread.

[jolson]

Will do.