Reputation: 1059
Why is my timestamp range query returning nothing
I'm using elasticsearch open distro in order to create an alert system. But I have one issue with my elasticsearch query:
"search": {
"indices": ["test_alert"],
"query": {
"size": 3,
"aggregations": {},
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "now-1h",
"lte": "now",
"format": "epoch_second"
}
}
}
}
}
}
}
This is the query I use in my open-distro monitor. The problem is the now-1h doesn't seem to work, I always get an empty result. I tried with raw timestamps (in order to match and get results) and it worked well. I don't understand why the range is not working at all when I'm using now-1h.
Here is my mapping:
properties": {
"timestamp": {
"type": "date",
"format": "epoch_second"
},
"value": {
"type": "long"
}
}
Thanks for your help !
Upvotes: 1
Views: 1951
Answers (1)
Reputation: 16943
Your mapping says timestamp but your query has @timestamp. The two need to be consistently named. BTW there's nothing special about @timestamp -- it's just a convention. You can do range.gte now-1h on any datetime fields.
Correct mapping:
PUT test_alert
{
"mappings": {
"properties": {
"@timestamp": {
"type": "date",
"format": "epoch_second"
},
"value": {
"type": "long"
}
}
}
}
Upvotes: 1
Related Questions
- Elasticsearch timestamp range doesn't work
- Elasticsearch - Trouble querying for exact date with range query
- Elastic search fail to do a timestamp range query
- Elasticsearch time field and range query
- @timestamp range query in elasticsearch
- No exact match for RANGE query for a specific time
- Elasticsearch - Range query doesn't work
- ElasticSearch Date Range query returning all values
- Elasticsearch doesn't find value in range query
- Why does this range query returns empty results?