From 48df620b1d30a9dcd08423204b66b453e50e587b Mon Sep 17 00:00:00 2001 From: Alex Close Date: Mon, 4 Jan 2021 12:44:52 +0000 Subject: [PATCH] Add timestamp range example to kql docs A few folks have asked me if it is possible to do timestamp ranges by using "now" in kql. This was missing from an example so I have added it to the docs. --- docs/discover/kuery.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/discover/kuery.asciidoc b/docs/discover/kuery.asciidoc index c1d287fca1f44..feb16190cb34b 100644 --- a/docs/discover/kuery.asciidoc +++ b/docs/discover/kuery.asciidoc @@ -111,11 +111,11 @@ tags:(success and info and security) [discrete] === Range queries -KQL supports `>`, `>=`, `<`, and `<=`. For example: +KQL supports `>`, `>=`, `<`, and `<=` on numeric and date types. For example: [source,yaml] ------------------- -account_number >= 100 and items_sold <= 200 +account_number >= 100 and items_sold <= 200 and @timestamp >= now-5m ------------------- [discrete]