Time filter for the current day #1736

ahodasevich · 2025-11-27T12:40:01Z

ahodasevich
Nov 27, 2025

I'm writing a custom rule, inheriting from MetricAggregation.
I need to receive aggregated indicators for the current day every 10 minutes.
I'm using a filter, but it's being ignored. The request to elastic uses a range of 10 minutes.

filter:
-range:
   "@timestamp":
      gte: "now/d"
      lte: "now/d+1d"
run_every:
minutes: 10

Is it possible to obtain data for the current day?

jertel · 2025-11-27T14:21:13Z

jertel
Nov 27, 2025
Maintainer

Not really. ElastAlert 2's core is responsible for managing time. It records where it left off, and runs the next rule cycle based on that timing data. You can tweak the size of the search window using buffers and offsets but I don't believe there's anything that currently provides clean day boundaries.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Time filter for the current day #1736

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Time filter for the current day #1736

Uh oh!

Uh oh!

ahodasevich Nov 27, 2025

Replies: 1 comment

Uh oh!

jertel Nov 27, 2025 Maintainer

ahodasevich
Nov 27, 2025

jertel
Nov 27, 2025
Maintainer