https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/issue-with-timestamp-range-start-and-timestamp-range-end-dates/m-p/616072#M3750 <DIV class="p-rich_text_section"><STRONG data-stringify-type="bold">Problem Description:</STRONG><BR /><STRONG data-stringify-type="bold">The date filtering functionality for start and end dates in the Elasticsearch search command on XSOAR does not seem to be working correctly. The command used is as follows:</STRONG>!es-search index="index-runtime-evts" query="queryTest" timestamp_range_start="-2y" timestamp_range_end="now"I also tried entering a specific timestamp, such as 2023-10-02T00:00:00Z in the timestamp_range_start field, but I keep getting an empty response.Additional Details:</DIV> <UL class="p-rich_text_list p-rich_text_list__bullet p-rich_text_list--nested" data-stringify-type="unordered-list" data-list-tree="true" data-indent="0" data-border="0"> <LI data-stringify-indent="0" data-stringify-border="0">If I omit timestamp_range_start and timestamp_range_end in the War Room/playbook, I can retrieve all logs from the specified index (index-runtime-evts).</LI> <LI data-stringify-indent="0" data-stringify-border="0">However, the goal is to filter the logs based on a 7-day range rather than retrieving the entire index history.</LI> </UL> Mon, 04 Nov 2024 14:07:16 GMT MF762 2024-11-04T14:07:16Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/issue-with-timestamp-range-start-and-timestamp-range-end-dates/m-p/616072#M3750 <DIV class="p-rich_text_section"><STRONG data-stringify-type="bold">Problem Description:</STRONG><BR /><STRONG data-stringify-type="bold">The date filtering functionality for start and end dates in the Elasticsearch search command on XSOAR does not seem to be working correctly. The command used is as follows:</STRONG>!es-search index="index-runtime-evts" query="queryTest" timestamp_range_start="-2y" timestamp_range_end="now"I also tried entering a specific timestamp, such as 2023-10-02T00:00:00Z in the timestamp_range_start field, but I keep getting an empty response.Additional Details:</DIV> <UL class="p-rich_text_list p-rich_text_list__bullet p-rich_text_list--nested" data-stringify-type="unordered-list" data-list-tree="true" data-indent="0" data-border="0"> <LI data-stringify-indent="0" data-stringify-border="0">If I omit timestamp_range_start and timestamp_range_end in the War Room/playbook, I can retrieve all logs from the specified index (index-runtime-evts).</LI> <LI data-stringify-indent="0" data-stringify-border="0">However, the goal is to filter the logs based on a 7-day range rather than retrieving the entire index history.</LI> </UL> Mon, 04 Nov 2024 14:07:16 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/issue-with-timestamp-range-start-and-timestamp-range-end-dates/m-p/616072#M3750 MF762 2024-11-04T14:07:16Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/issue-with-timestamp-range-start-and-timestamp-range-end-dates/m-p/616259#M3757 <P>Hello,</P> <P>&nbsp;</P> <P>I use two formats for my !es-search tasks:<BR />1. exact time in format&nbsp;2024-11-06T14:48:47.149000+00:00<BR />2. key words like in Kibana filtering through time, like "24 hours ago", "3 months ago", etc</P> <P>&nbsp;</P> <P>Hope this helps.</P> Wed, 06 Nov 2024 15:23:04 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/issue-with-timestamp-range-start-and-timestamp-range-end-dates/m-p/616259#M3757 JakubKostial 2024-11-06T15:23:04Z