hudi
Reputation: 16525
How to combine query_string and range of timestamp in elasticsearch
I have two query. One is searching in logmessage and second time in range of timestamp.
query = {
"query": {
"query_string" : {
"query" : "logmessage:test"
}
}
and
query = {
"query": {
"range" : {
"@timestamp" : {
"lte" : "2017-08-04"
}
}
}
How I can create one with both options ? I tried this:
query = {
"query": {
"query_string" : {
"query" : "logmessage:test"
},
"range" : {
"@timestamp" : {
"gte" : "2017-08-04",
"lte" : "now"
}
}
}
}
but with no success. There is some 400 error because of bad syntax I guess
Upvotes: 5
Views: 3550
Answers (1)
MartinSchulze
Reputation: 897
You are looking for a bool query https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-bool-query.html. You can compose multiple queries into one using should, must, must_not and filter clauses:
{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"lte": "2017-08-04"
}
}
},
{
"query_string": {
"query": "logmessage:test"
}
}
]
}
}
}
Upvotes: 6
Related Questions
- Query timestamp range using elasticsearch-dsl-py
- Query by timestamp in ElasticSearch
- timestamp in milliseconds and date range - elasticsearch query string
- Elasticsearch query date range does not work
- how to give timestamp in range query Elasticsearch
- Range query with elasticsearch for date saved as type "text"
- Elasticsearch query based on timestamp
- Elasticsearch relative time range query in Python
- ElasticSearch requests range timestamp in python
- elastic search and date range filters