paras
Reputation: 17
how to fetch last 30 minutes records from elastic search
I am using following query to fetch all last 30 minutes records using elastic search, but I'm getting parsable error on line "now-30m".
Query:
{
"query": {
"bool": {
"must": [
{
"match": {
"appName": "magnus-alerting-system"
}
},
{
"match": {
"countryCode": "US2"
}
},
{
"match": {
"eventCode": 201
}
},
{
"match": {
"extractName": "LaborDemand"
}
},{
"range": {
"eventPostTimestamp": {
**"gte": "now()-30m"**
}
}
}
]
}
}
}
Error on Postman while executing service: "root_cause": [ { "type": "number_format_exception", "reason": "For input string: \"now()-30m\"" } ]
PLease let me know how to correct it.
Upvotes: 1
Views: 7801
Answers (2)
christouandr7
Reputation: 169
The reason is because now()-30m in elasticsearch is wrong since the correct format is just "now". Documentation
Hence the correct query is the following:
{
"query": {
"bool": {
"must": [
{
"match": {
"appName": "magnus-alerting-system"
}
},
{
"match": {
"countryCode": "US2"
}
},
{
"match": {
"eventCode": 201
}
},
{
"match": {
"extractName": "LaborDemand"
}
},{
"range": {
"eventPostTimestamp": {
"gte": "now-30m"
}
}
}
]
}
}
}
Upvotes: 4
Nishant
Reputation: 7874
The correct syntax for using data math in range query for date field would be as below:
{
"range": {
"eventPostTimestamp": {
"gte": "now-30m"
}
}
}
Upvotes: 3
Related Questions
- How to search data of last 30 days with elasticsearch alias
- Return documents created less than an hour ago - Elasticsearch query
- Kibana: Limit results to last 5 minutes
- Elasticsearch time field and range query
- how to give timestamp in range query Elasticsearch
- elasticsearch: How to search the results within last 30 seconds?
- get last one hour records in elasticsearch
- elasticsearch query to get records between particular date using curl
- How to get data that was createdAt or updatedAt 30 seconds from the the current time PostgreSQL
- How can I search on time ranges in Elasticsearch?