Open search query to retrieve data of past 10 seconds with matching query

Question

I want create alert with extraction query. Query should fetch last 10 sec data and find the matching phrase

I have tried below getting the matching phrase but it is taking from all the logs which are present. i want this phrase should search in last 10 sec logs. in kibana i have tried its working fine because there are options to set the time here in open search I did not found such options

{
    "query": {
      "match_phrase": {
      "log": {
        "query": "happy world",
        "slop": 3,
        "analyzer": "standard",
        "zero_terms_query": "none"
      }
      }
    }
}

Answer 1

Try using now() function as part of range query on timestamp column

Answer 2

I have added below query and it's working fine.

{
    "query": {
        "bool": {
            "filter": [
                {
                    "range": {
                        "@timestamp": {
                            "from": "{{period_end}}||-1m",
                            "to": "{{period_end}}",
                            "include_lower": true,
                            "include_upper": true,
                            "format": "epoch_millis",
                            "boost": 1
                        }
                    }
                },
                {
                    "match_phrase": {
                        "log": {
                            "query": "hello word",
                            "analyzer": "standard",
                            "slop": 3,
                            "zero_terms_query": "NONE",
                            "boost": 1
                        }
                    }
                }
            ],
            "adjust_pure_negative": true,
            "boost": 1
        }
    },
    "aggregations": {}
}