Skip to content

Commit 22e3307

Browse files
marciwmarciw
authored
Document ?_tstart and ?_tend in Kibana (elastic#114965) (elastic#115787)
* Document ?_tstart and ?_tend in Kibana * Edits: restructure, be clearer (cherry picked from commit 2b6828d)
1 parent e7b5076 commit 22e3307

File tree

1 file changed

+35
-5
lines changed

1 file changed

+35
-5
lines changed

docs/reference/esql/esql-kibana.asciidoc

Lines changed: 35 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -171,14 +171,44 @@ FROM kibana_sample_data_logs
171171
[[esql-kibana-time-filter]]
172172
=== Time filtering
173173

174-
To display data within a specified time range, use the
175-
{kibana-ref}/set-time-filter.html[time filter]. The time filter is only enabled
176-
when the indices you're querying have a field called `@timestamp`.
174+
To display data within a specified time range, you can use the standard time filter,
175+
custom time parameters, or a WHERE command.
177176

178-
If your indices do not have a timestamp field called `@timestamp`, you can limit
179-
the time range using the <<esql-where>> command and the <<esql-now>> function.
177+
[discrete]
178+
==== Standard time filter
179+
The standard {kibana-ref}/set-time-filter.html[time filter] is enabled
180+
when the indices you're querying have a field named `@timestamp`.
181+
182+
[discrete]
183+
==== Custom time parameters
184+
If your indices do not have a field named `@timestamp`, you can use
185+
the `?_tstart` and `?_tend` parameters to specify a time range. These parameters
186+
work with any timestamp field and automatically sync with the {kibana-ref}/set-time-filter.html[time filter].
187+
188+
[source,esql]
189+
----
190+
FROM my_index
191+
| WHERE custom_timestamp >= ?_tstart AND custom_timestamp < ?_tend
192+
----
193+
194+
You can also use the `?_tstart` and `?_tend` parameters with the <<esql-bucket>> function
195+
to create auto-incrementing time buckets in {esql} <<esql-kibana-visualizations,visualizations>>.
196+
For example:
197+
198+
[source,esql]
199+
----
200+
FROM kibana_sample_data_logs
201+
| STATS average_bytes = AVG(bytes) BY BUCKET(@timestamp, 50, ?_tstart, ?_tend)
202+
----
203+
204+
This example uses `50` buckets, which is the maximum number of buckets.
205+
206+
[discrete]
207+
==== WHERE command
208+
You can also limit the time range using the <<esql-where>> command and the <<esql-now>> function.
180209
For example, if the timestamp field is called `timestamp`, to query the last 15
181210
minutes of data:
211+
182212
[source,esql]
183213
----
184214
FROM kibana_sample_data_logs

0 commit comments

Comments
 (0)