I create an index and it save two date (D1, D2) for something, after that I want to query this monent is it between D1 and D2, so I query :
startdate <= "2019-08-22T03:55:47.165Z" AND endate>= "2019-08-22T03:55:47.165Z"
It successful return the data as I want, so I try to do the same things in Dev tools again with:
GET i_want_get_date/_search
{
"query":{
"query_string":{
"query":"startdate<= \"2019-08-22T03:55:47.165Z\" AND enddate>= \"2019-08-22T03:55:47.165Z\""
}
}
}
The problem is:
it cannot search any result back, the query cannot compare the date using this method
Any suggestion? Thanks!
============================================================
Thanks Val answer the question, I using a very slimier query to do the same function, I change a little bit query syntax to make it works:
GET i_want_get_date/_search
{
"query": {
"bool": {
"filter": [
{
"range": {
"startdate":{
"lte":"2019-08-22T03:55:47.165Z"
}
}
},
{
"range": {
"enddate":{
"gte":"2019-08-22T03:55:47.165Z"
}
}
}
]
}
}
}
I suggest to use two range queries instead
GET i_want_get_date/_search
{
"query": {
"bool": {
"filter": [
{
"range": {
"lte": {
"startdate": "2019-08-22T03:55:47.165Z"
}
}
},
{
"range": {
"gte": {
"enddate": "2019-08-22T03:55:47.165Z"
}
}
}
]
}
}
}
This is the query that worked for me to select dates after based on a specific field:
{
"query": {
"bool": {
"filter": [
{
"range": {
"_kuzzle_info.createdAt": {
"gte": "2023-01-09T13:29:27.537+00:00"
}
}
}
]
}
}
}
_kuzzle_info.createdAt is the field with the date
there is a syntax error in your answer, the elastic fields should come before the gte or lte
{
"range": {
"**startdate**": {
"**lte**": "2019-08-22T03:55:47.165Z"
}
}
}
Related
I'm trying to perform a search with the intended criteria being (activationDate in range 1598889600 to 1602051579) or someFlag=true.
Below is the query I tried, but it does not yield any records with someFlag=true (even with a big size, e.g. 5000). My Elasticsearch does have a lot of records with someFlag=true.
There are about 3000 total documents and this query returns around 280 documents.
{
"query": {
"bool": {
"must": [
{
"range": {
"activationDate": {
"gte": 1598889600
}
}
},
{
"range": {
"activationDate": {
"lte": 1602051579
}
}
}
],
"should": {
"match": {
"someFlag": true
}
}
}
},
"from": 1,
"size": 1000
}
Am I missing something?
This should work:
{
"query": {
"bool": {
"filter": [
{
"bool": {
"should": [
{
"range": {
"activationDate": {
"gte": 1598889600,
"lte": 1602051579
}
}
},
{
"term": {
"someFlag": true
}
}
]
}
}
]
}
}
}
In theory this should do the same:
{
"query": {
"bool": {
"should": [
{
"range": {
"activationDate": {
"gte": 1598889600,
"lte": 1602051579
}
}
},
{
"term": {
"someFlag": true
}
}
]
}
}
}
However the first query I've given wraps bool clause within a filter context (so that it does not need to score and query becomes cacheable).
Your bool query might have not worked because you were using match query, not term. match is normally used for text search only.
Replace the must with an should and set minimum_should_match=1 as is is an OR query and you are fine if just one of the ceiterias is met by any record. Next reduce the two range criterias to just one, where you combine gte and lte.
I am looking to get the average of the difference between two different fields in an elastic DB, I have been able to write a query to return the last 1000 results, however I am not sure how I go about getting the difference between each result then getting an overall average.
Elastic query below:
POST my_index/_search
{
"size":1000,
"_source": ["date.time.received","date.time.sent"],
"query": {
"bool": {
"must": [
{
"range": {
"date.time.received": {
"gte": "2019-06-19"
}
}
},
{
"range": {
"date.time.sent": {
"gte": "2019-06-19"
}
}
}
]
}
}
}
I am using average aggregation and script
POST testindex5/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"date.time.received": {
"gte": "2019-06-19"
}
}
},
{
"range": {
"date.time.sent": {
"gte": "2019-06-19"
}
}
}
]
}
},
"aggs": {
"avg_resp": {
"avg": {
"script": "(doc['date.time.received'].value.toInstant().toEpochMilli()- doc['date.time.sent'].value.toInstant().toEpochMilli())/1000/86400" ---> convert to days
}
}
}
}
I would like to get the number of documents that matches a specific string within a time range.
How can I specify a time range from this query?
GET myindex/_count
{
"query": {
"match" : {
"log" : "ERROR"
}
}
}
To get a time range:
{
"query": {
"range": {
"msgSubmissionTime": {
"gte": "now-10m",
"lt": "now"
}
}
}
}
Is there a way to combine both queries?
The guys above me are correct, but they both added redundant [,] for the must which implies a query of more than on match field.
GET _search
{
"query": {
"bool" : {
"must" : {
"match" : { "log": "ERROR" }
},
"filter":
{
"range": {
"msgSubmissionTime": {
"gte": "now-10m",
"lte": "now"
}
}
}
}
}
}
Sure you can.
It can be done in two ways: with filtering and boolean query.
Elastic recommends to use filters to prefilter results - they are faster then queries.
Boolean queries can geather different queries by AND, OR, NOT operators.
In official Elastic docs you can find example that almost fits your question - elasticsearch documentation
So your query will be like:
{
"query": {
"bool": {
"must": [
{
"match": {
"log": "ERROR"
}
}
],
"filter": {
"range": {
"msgSubmissionTime": {
"gte": "now-10m",
"lte": "now"
}
}
}
}
}
}
try this.
{
"query": {
"bool": {
"filter": {
"range": {
"msgSubmissionTime": {
"gte": "now-10m",
"lt": "now"
}
}
},
"must": [
{
"term": {
"log" : "ERROR"
}
}
]
}
}
}
How am I able to put both of these queries together, as you can see that query one is bringing back all the date from today and the second query is bringing back data for all users that has the name test in it.
So I want to bring back all of the data for data with the name that has test in it.
Could someone show me how this is done please?
Query one:
{
"_source":["VT"],
"query": {
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}}
}
Query two:
from elasticsearch import Elasticsearch
es = Elasticsearch(["9200"])
res = es.search(index="search", body=
{
"_source": ["DTDT", "TRDT"],
"query": {
"bool": {
"should": [
{"wildcard": {"N": "TEST*"}}
]
}
}
}, size=10
)
for doc in res['hits']['hits']:
print(doc)
You can use a bool query with two must clauses, like this:
{
"_source": ["DTDT", "TRDT", "VT"],
"query": {
"bool": {
"must": [
{
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}
},
{
"wildcard": {
"N": "TEST*"
}
}
]
}
}
}
Check out the docs for the bool query.
This will help you:
POST _search
{
"query": {
"bool": {
"must": [
{
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}
},
{
"match": {
"N": {
"query": "TEST",
"operator": "and"
}
}
}]
}
}
}
i have a question with filter, range and or with elastic search.
I have de document in elasticSearch with
{
startDate : myDate
endDate : onOtherDateOr Nothing
}
I Want to search for a range where now is after startDate, or Between startDate and endDate if endDate is defined. How can i do that ?
You can do it like this with two bool/should filters containing two nested bool/must filters:
curl -XPOST localhost:9200/_search -d '{
"query": {
"filtered": {
"filter": {
"bool": {
"should": [
{
"bool": {
"must": [ <--- if endDate exists, check both bounds
{
"exists": {
"field": "endDate"
}
},
{
"range": {
"startDate": {
"lte": "now"
}
}
},
{
"range": {
"endDate": {
"gte": "now"
}
}
}
]
}
},
{
"bool": {
"must": [ <--- if endDate missing, only check startDate
{
"missing": {
"field": "endDate"
}
},
{
"range": {
"startDate": {
"lte": "now"
}
}
}
]
}
}
]
}
}
}
}
}'
I find below query as best approach:
{
"query": {
"range": {
"order.dateCreated": {
"dateFrom": "2011-01-24",
"dateTo": "2011-01-24"
}
}
}
}
try the next query, at least it works for me.`
"query": {
"range": {
"date_ field ": { # this field_name should be the field where your date range
resides.
"gte": startDate,
"lte": endDate,
"boost": 2.0
}
}
}`