Datetime fields have five types of search syntaxes
-
YYYY-MM-DDmatches all entries on this day, for example,start:2021-12-01for all processes started on Dec 1, 2021. -
YYYY-MM-DDThh:mm:ddmatches all entries within the next 24 hours from this date and time, for example,start:2021-12-01T22:15:00for all processes started between Dec 1, 2021 at 22:15:00 to Dec 2, 2021 at 22:14:59. -
[YYYY-MM-DD TO YYYY-MM-DD]matches all entries between, for example,start:[2021-12-01 TO 2021-12-31]for all processes started in Dec 2021. -
[YYYY-MM-DDThh:mm:ss TO YYYY-MM-DDThh:mm:ss]matches all entries between, for example,start:[2021-12-01T22:15:00 TO 2021-12-01:23:14:59]for all processes started in Dec 1, 2021 within the given time frame. -
-Xhrelative time calculations matches all entries with a time betweenNOW-10handNOW. Support units supported are h: hours, m: minutes, s: seconds as observed on the host, for example,start:-24hfor all processes started in the last 24 hours.
As with counts, YYYYMMDD can be replaced the wildcard *, for example, start:[2022-01-01 TO *] for any process started after 1 Jan 2022.
