Elasticsearch - Range query doesn't work

I have tried this with Elasticsearch 2.x and 5.x, but it doesn't work in either of them.

I have lots of logs saved in my Elasticsearch instance. They have a field called timestamp whose format is "YYYY-MM-dd HH-mm-ss.SSS" (for example, "2017-11-02 00:00:00.000"). When I try to send a query via POSTMAN which is this:

{
  "query": {
    "range": {
        "timestamp": {
          "gte": "2017-10-21 00:00:00.000",
          "lte": "2017-10-27 00:00:00.000"
        }
      }
  }
}

I receive nothing, and there are more than 500 logs in that range. What am I doing wrong?

EDIT: My index (loganalyzer):

{
  "loganalyzer" : {
    "aliases" : { },
    "mappings" : {
      "logs" : {
        "properties" : {
          "entireLog" : {
            "type" : "string"
          },
          "formattedMessage" : {
            "type" : "string"
          },
          "id" : {
            "type" : "string"
          },
          "level" : {
            "type" : "string"
          },
          "loggerName" : {
            "type" : "string"
          },
          "testNo" : {
            "type" : "string"
          },
          "threadName" : {
            "type" : "string"
          },
          "timestamp" : {
            "type" : "string"
          }
        }
      }
    },
    "settings" : {
      "index" : {
        "refresh_interval" : "1s",
        "number_of_shards" : "5",
        "creation_date" : "1507415366223",
        "store" : {
          "type" : "fs"
        },
        "number_of_replicas" : "1",
        "uuid" : "9w3QQQc0S0K0NcKtOERtTw",
        "version" : {
          "created" : "2040699"
        }
      }
    },
    "warmers" : { }
  }
}

What I receive sending the request:

{
    "took": 429,
    "timed_out": false,
    "_shards": {
        "total": 5,
        "successful": 5,
        "failed": 0
    },
    "hits": {
        "total": 0,
        "max_score": null,
        "hits": []
    }
}

And status 200 (OK).

Upvotes: 0

Views: 4010

Answers (1)

Miek

Reputation: 1228

Your edit with the mappings indicates the problem. The reason you aren't getting any result is because it's attempting to find a "range" for the string you're providing against the values of the field in your index, which are also treated as a string.

      "timestamp" : {
        "type" : "string"
      }

Here's the elastic documentation on that mapping type

You need to apply a date mapping to that field before indexing, or reindex to a new index that has that mapping applied prior to ingestion.

Here is what the mapping request could look like, conforming to your timestamp format:

PUT loganalyzer
{
  "mappings": {
    "logs": {
      "properties": {
        "timestamp": {
          "type":   "date",
          "format": "YYYY-MM-dd HH-mm-ss.SSS"
        }
      }
    }
  }
}

Upvotes: 2
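An added example, not part of the answer above: a date field rejects values that do not match its `format`, and the sample value in the question ("2017-11-02 00:00:00.000") separates the time parts with colons while the stated pattern uses hyphens, so it is worth checking a few real values against the pattern before reindexing. The sample values, the second candidate pattern and the helper names are assumptions, and `strptime` is only an approximation of Elasticsearch's own date parser.

```python
import re
from datetime import datetime

# Subset of the Joda-style pattern letters used by Elasticsearch 2.x/5.x date
# formats, mapped to strptime directives (approximation, not the ES parser).
JODA_TO_STRPTIME = {"YYYY": "%Y", "yyyy": "%Y", "MM": "%m", "dd": "%d",
                    "HH": "%H", "mm": "%M", "ss": "%S", "SSS": "%f"}

def to_strptime(pattern):
    """Translate the supported pattern letters; KeyError on anything else."""
    return re.sub(r"[A-Za-z]+", lambda m: JODA_TO_STRPTIME[m.group(0)], pattern)

def unparseable(values, pattern):
    """Return the values that do not match the pattern."""
    fmt = to_strptime(pattern)
    bad = []
    for value in values:
        try:
            datetime.strptime(value, fmt)
        except ValueError:
            bad.append(value)
    return bad

def pick_format(values, candidates):
    """First candidate pattern that parses every sample, or None."""
    for pattern in candidates:
        if not unparseable(values, pattern):
            return pattern
    return None

def date_mapping(doc_type, field, pattern):
    """Mapping body for the new index, same shape as the PUT request above."""
    return {"mappings": {doc_type: {"properties": {
        field: {"type": "date", "format": pattern}}}}}

# Constructed sample values in the shape the question shows.
SAMPLES = ["2017-10-21 00:00:00.000", "2017-10-26 13:45:10.250",
           "2017-11-02 00:00:00.000"]
# First pattern is the one on the page; the second is an assumed alternative.
CANDIDATES = ["YYYY-MM-dd HH-mm-ss.SSS", "yyyy-MM-dd HH:mm:ss.SSS"]

if __name__ == "__main__":
    for candidate in CANDIDATES:
        print(candidate, "->", len(unparseable(SAMPLES, candidate)), "unparseable")
    print(date_mapping("logs", "timestamp", pick_format(SAMPLES, CANDIDATES)))
```

Run it against values exported from the existing index rather than the constructed samples, and use the pattern it selects in the mapping of the new index.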
