Reputation: 1789
How can I search on time ranges in Elasticsearch?
I have lots of data that looks like this:
{
"timestamp": "2015-04-23T14:35:43.511Z",
"component1Health": "false",
"area": "squad1"
}
{
"timestamp": "2015-04-23T18:03:22.911Z",
"component1Health": "true",
"area": "squad7"
}
I want to search on, say, all instances of
"component1Health": "false"
that occurred on any weekday between 8am and 8pm.
The docs at https://www.elastic.co/guide/en/elasticsearch/guide/current/_ranges.html show that it's easy to search on date ranges, eg
"range" : {
"timestamp" : {
"gt" : "2014-01-01 00:00:00",
"lt" : "2014-01-07 00:00:00"
}
}
but I can't work out what I'm doing wrong to extract the time. I've been through stackoverflow and the es forum etc but I can't crack it.
Can you help?
Thanks, Andy
Upvotes: 0
Views: 387
Answers (1)
Reputation: 10278
I don't think you can achieve that with a date range. A simple solution would be indexing a new integer field that contains the hour of day. So that your two documents look like:
{
"timestamp": "2015-04-23T14:35:43.511Z",
"hourOfTheDay": 14,
"component1Health": "false",
"area": "squad1"
}
{
"timestamp": "2015-04-23T18:03:22.911Z",
"hourOfTheDay": 18,
"component1Health": "true",
"area": "squad7"
}
And now you can do a similar range filter on that new field that look like:
"range" : {
"hourOfTheDay" : {
"gt" : 7,
"lt" : 21
}
}
Hope it helps.
Upvotes: 2
Related Questions
- Shards and replicas in Elasticsearch
- Removing Data From ElasticSearch
- Make elasticsearch only return certain fields?
- List all indexes on ElasticSearch server?
- elasticsearch bool query combine must with OR
- Elasticsearch query to return all records
- If I store a date in elastic search using a timestamp (e.g. 1428956853627), can I still query that record by day, without the time value?