Suppose you have an Elasticsearch query and want to find out the time period during which the query returns results (for example, when tracking a spike in latency/load on a service).
Running esbisect '<query>' will give you the time period (within the last two days) during which the events occurred.
For example, assuming you track events of type http-transaction with a field latencySeconds, running
esbisect 'http://yourelasticsearch.host:9200/_search?q=eventType:http-transaction%20AND%20latencySeconds:{10%20TO%20*}'
would find the period within the last two days in which the latency spiked above 10 seconds.
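The idea of bisecting a two-day window down to the period that contains matching events, as an added example that is not esbisect's own code. The halving strategy, the one-minute resolution, and the names `count_matches`, `bisect_edge` and `find_period` are assumptions; `count_matches` stands in for a count query restricted to a time range and runs over constructed sample timestamps so the block works offline.

```python
from bisect import bisect_left
from datetime import datetime, timedelta

# Constructed sample data: timestamps of events matching the query.
NOW = datetime(2024, 1, 3, 0, 0, 0)
SAMPLE_EVENTS = sorted(NOW - timedelta(minutes=m) for m in (1290, 1275, 1262, 1250, 1241))


def count_matches(start, end, events=SAMPLE_EVENTS):
    """Hypothetical stand-in for a count query limited to start <= t < end."""
    return bisect_left(events, end) - bisect_left(events, start)


def bisect_edge(start, end, count, resolution, want_first):
    """Shrink [start, end) to at most `resolution` around the first (or last) match."""
    while end - start > resolution:
        mid = start + (end - start) / 2
        if want_first:
            # The first match lies in the left half exactly when that half is non-empty.
            if count(start, mid) > 0:
                end = mid
            else:
                start = mid
        else:
            # The last match lies in the right half exactly when that half is non-empty.
            if count(mid, end) > 0:
                start = mid
            else:
                end = mid
    return start, end


def find_period(now, count, lookback=timedelta(days=2), resolution=timedelta(minutes=1)):
    """Return (start, end) bounding all matches in the lookback window, or None."""
    start = now - lookback
    if count(start, now) == 0:
        return None  # the query matched nothing in the window
    first_lo, _ = bisect_edge(start, now, count, resolution, want_first=True)
    _, last_hi = bisect_edge(start, now, count, resolution, want_first=False)
    return first_lo, last_hi


if __name__ == "__main__":
    print(find_period(NOW, count_matches))
```

Each edge costs about twelve count queries for a two-day window at one-minute resolution, so the whole search stays cheap compared with scanning the events themselves.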