Searching a specific time range. The @timestamp field uses the format yyyyMMdd'T'HHmmss.
NOTE: The date and time parts are separated by T.
@timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]
NOTE: Operators such as AND, OR, and NOT must be uppercase.
Separate two search terms with AND; the search will return only entries that contain both terms.
SearchTerm1 AND SearchTerm2
Separate two search terms with OR; the search will return entries that contain either term.
SearchTerm1 OR SearchTerm2
Placing the NOT operator before a search term excludes results that contain the term.
Nest each expression in parentheses ( ) and apply the AND/OR/NOT operators between the nested searches.
(SearchTerm1 AND SearchTerm2) OR (SearchTermA AND SearchTermB)
Adding an AND @timestamp range to a nested search
(SearchTerm1 AND SearchTerm2) OR (SearchTermA AND SearchTermB) AND @timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]
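As an added illustration, not part of the original cheat sheet, the following Python evaluator implements the syntax above over a few constructed log entries: uppercase AND/OR/NOT, parentheses, and an inclusive @timestamp:[a TO b] range. The NOT > AND > OR precedence and whole-word term matching are assumptions of this example, not a statement about any particular query engine.

```python
import re
from datetime import datetime
# Constructed sample log entries for this demonstration (not from the original page).
ENTRIES = [
    {"@timestamp": "2017-04-10T08:15:00", "message": "sshd authentication failure for user alice"},
    {"@timestamp": "2017-04-10T23:59:59", "message": "sshd session opened for user bob"},
    {"@timestamp": "2017-04-11T00:00:00", "message": "sshd authentication failure for user alice"},
]
# Only uppercase AND/OR/NOT tokenise as operators; anything else (e.g. "and") is a plain term.
TOKEN_RE = re.compile(r"\(|\)|\bAND\b|\bOR\b|\bNOT\b|@timestamp:\[[^\]]+\]|[^\s()]+")
RANGE_RE = re.compile(r"@timestamp:\[(\S+) TO (\S+)\]")

def parse(query):
    """Return a predicate over one entry. Assumed precedence: NOT > AND > OR; ( ) override."""
    tokens = TOKEN_RE.findall(query)
    def chain(op, operand, combine):  # left-associative run of `op` between operands
        left = operand()
        while tokens[:1] == [op]:
            tokens.pop(0)
            left = combine(left, operand())
        return left
    def or_expr():
        return chain("OR", and_expr, lambda l, r: lambda e: l(e) or r(e))
    def and_expr():
        return chain("AND", primary, lambda l, r: lambda e: l(e) and r(e))
    def primary():
        tok = tokens.pop(0) if tokens else None
        if tok == "NOT":  # NOT negates the single operand that follows it
            inner = primary()
            return lambda e: not inner(e)
        if tok == "(":
            inner = or_expr()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing closing parenthesis")
            return inner
        if tok is None or tok in (")", "AND", "OR"):
            raise ValueError(f"unexpected token {tok!r}")
        if m := RANGE_RE.fullmatch(tok):  # inclusive [lo TO hi] range, ends parsed as ISO 8601
            lo, hi = (datetime.fromisoformat(t) for t in m.groups())
            return lambda e: lo <= datetime.fromisoformat(e["@timestamp"]) <= hi
        term = tok.lower()  # assumption: a term matches as a whole word in any string field
        return lambda e: any(term in str(v).lower().split() for v in e.values())
    pred = or_expr()
    if tokens:  # leftover token, e.g. two terms joined by a lowercase "and"
        raise ValueError(f"unexpected token {tokens[0]!r}: operators must be uppercase")
    return pred

def search(query, entries=ENTRIES):
    pred = parse(query)  # compile the query once, then filter; returns matching @timestamp values
    return [e["@timestamp"] for e in entries if pred(e)]
```

Under the assumed precedence the last query on the page binds the @timestamp range to the second group only; query parsers do not all agree on how AND and OR bind, so wrapping the whole OR in its own parentheses is the reliable way to apply the range to both groups.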