Kumar
Reputation: 209
Elastic search count query
I am trying to find occurences of a specific pattern within a given period of time.
I don't get the count for that pattern with Query 1 which has time parameter, but works with Query 2.
Can you please if there is any issue with Query 1.
Query 1:
GET/_count?pretty{
"query": {
"bool": {
"must": {
"query_string": {
"query": "Stopping PSB: start the yum-updateonboot deamon..."
}
},
"filter": {
"range": {
"@timestamp": {
"gt": "now-1d"
}
}
}
}
}
}' Result: { **"count" : 0,** "_shards" : { "total" : 2287, "successful" : 2287, "skipped" : 0, "failed" : 0 }
GET/_count?pretty{
"query": {
"bool": {
"must": {
"query_string": {
"query": "Stopping PSB: start the yum-updateonboot deamon..."
}
}
}
}
}Result: {
"count": 280483,
"_shards": {
"total": 2287,
"successful": 2287,
"skipped": 0,
"failed": 0
}
Upvotes: 0
Views: 1678
Answers (1)
Joe - Check out my books
Reputation: 16895
The date math with days is somewhat confusing.
Use either hours:
{
"range":{
"@timestamp":{
"gt":"now-24h"
}
}
}
or gte instead of gt:
{
"range":{
"@timestamp":{
"gte":"now-1d"
}
}
}
Update
Use timestamp instead of @timestamp
{
"query": {
"bool": {
"must": {
"query_string": {
"query": "Stopping PSB: start the yum-updateonboot deamon..."
}
},
"filter": {
"range": {
"timestamp": {
"gt": "now-1d"
}
}
}
}
}
}
Upvotes: 1
Related Questions
- ElasticSearch count returned result
- Elastic Search Query to get ( count of something = other field )
- Elastic Search (COUNT*) query
- Elasticsearch query for count the number of documents data in index
- Elastic search _count queries
- ElasticSearch aggregation counting query
- Nested count queries
- query for elasticsearch returning count
- elasticsearch how to find number of occurrences
- Elasticsearch counts of multiple indices