I'm looking to get data between two dates in elasticsearch.
I have tried to put "gte": "20-04-2019" and "lte": "21-04-2019" as shown below, but I still get other anterior dates in the final result:
GET aws-index2/produit/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"commun.nom": {
"query": "iphone",
"operator": "and",
"zero_terms_query": "all"
}
}
},
{
"range": {
"commun.date": {
"gte": "20-04-2019",
"lte": "21-04-2019",
"format": "dd-MM-yyyy"
}
}
}
]
}
}
}
In the sample document you give, commun.date looks like this "04-20-2019", which means that the format is not dd-MM-yyyy but MM-dd-yyyy. So your query should probably look like this instead:
GET aws-index2/produit/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"commun.nom": {
"query": "iphone",
"operator": "and",
"zero_terms_query": "all"
}
}
},
{
"range": {
"commun.date": {
"gte": "04-20-2019",
"lte": "04-21-2019"
}
}
}
]
}
}
}
Related
My current elasticsearch query is-
{
"must": [
{
"range": {
"firstClosedAt": {
"gte": 1667948400000,
"lte": 1668034800000
}
}
},
{
"term": {
"status": "CLOSED"
}
}
I want to modify it such that if "firstClosedAt" is null or not present then look for "closedAt".
Just like we have coalesce("firstClosedAt","closedAt") in sql
Help would be appreciated
There's no coalesce equivalent in ES, but you can do the query like below, which can read like: "either use firstClosedAt OR use closedAt if firstClosedAt does not exist":
{
"query": {
"bool": {
"filter": [
{
"term": {
"status": "CLOSED"
}
},
{
"bool": {
"minimum_should_match": 1,
"should": [
{
"range": {
"firstClosedAt": {
"gte": 1667948400000,
"lte": 1668034800000
}
}
},
{
"bool": {
"must_not": {
"exists": {
"field": "firstClosedAt"
}
},
"filter": {
"range": {
"closedAt": {
"gte": 1667948400000,
"lte": 1668034800000
}
}
}
}
}
]
}
}
]
}
}
}
You could, however, create a much simpler query if you create another date field at indexing time which would either take the value of firstClosedAt or closedAt if firstClosedAt does not exist
Query: Get employee name "Mahesh" whose id is "200" and joining datetime is in a given date range and his epf status must be either 'NOK' or 'WRN'. (Possible values of epf_status are {OK,NOK,WRN,CANCELLED}.
I have written the following query, that matches epf_status also with OK, CANCELLED, but it must only match when epf_status is either 'NOK' or 'WRN'. What else do I need to change to make it work, as required?
GET myindex01/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"empname": { "query": "Mahesh", "operator": "AND" }
}
},
{
"match": {
"empid": { "query": "200", "operator": "AND" }
}
},
{
"range": {
"joining_datetime": {
"gte": "2020-01-01T00:00:00",
"lte": "2022-06-24T23:59:59"
}
}
}
],
"should": [
{ "match": { "epf_status": "NOK" } },
{ "match": { "epf_status": "WRN" } }
]
}
}
}
SAMPLE DATA:
{"Mahesh","200","2022-04-01","OK"}
{"Mahesh","200","2022-04-01","NOK"}
{"Mahesh","200","2022-04-01","WRN"}
{"Mahesh","200","2022-04-01","CANCELLED"}
REQUIRED OUTPUT:
{"Mahesh","200","2022-04-01","NOK"}
{"Mahesh","200","2022-04-01","WRN"}
Tldr;
You could be using the terms query for that I believe.
Returns documents that contain one or more exact terms in a provided field.
To solve
GET myindex01/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"empname": { "query": "Mahesh", "operator": "AND" }
}
},
{
"match": {
"empid": { "query": "200", "operator": "AND" }
}
},
{
"range": {
"joining_datetime": {
"gte": "2020-01-01T00:00:00",
"lte": "2022-06-24T23:59:59"
}
}
}
],
"should": [
{ "terms": { "epf_status": ["NOK", "WRN"] } }
]
}
}
}
My index contains documents with fields called send_date and tags. Currently I'm fetching documents which contains any tag specified by the user.
Exemplary query:
{
"query": {
"query_string": {
"query": "\"this is tag1\" \"this is tag2\"",
"fields": ["tags"],
"default_operator": "OR"
}
}
}
But now I'd like to query my index to return me documents which contains:
this is tag1 and were send in date range (a, b)
or
this is tag2 and were send in date range (c, d)
Is this is possible using single query and some mix of bool / range queries?
if you want to stick to query_string, you can do it like this:
{
"query": {
"query_string": {
"query": "(tags:\"this is tag1\" AND date:[2020-01-01 TO 2021-01-01]) OR (tags:\"this is tag2\" AND date:[2020-06-01 TO 2020-07-01])",
"default_operator": "OR"
}
}
}
Otherwise, you can leverage range queries and combine them with the query_string one in a bool/shouldcombo:
{
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"bool": {
"filter": [
{
"query_string": {
"query": "tags:\"this is tag1\"",
"default_operator": "OR"
}
},
{
"range": {
"date": {
"gte": "2020-01-01",
"lte": "2021-01-01"
}
}
}
]
}
},
{
"bool": {
"filter": [
{
"query_string": {
"query": "tags:\"this is tag2\"",
"default_operator": "OR"
}
},
{
"range": {
"date": {
"gte": "2020-06-01",
"lte": "2020-07-01"
}
}
}
]
}
}
]
}
}
}
I have to create a query that extract objects that has on field startTime the year 2017 and then another one for year 2018.
This is the format for startTime :
"startTime": "2017-06-11T08:00:00",
The query I have written :
{
"query": {
"bool": {
"must": [
{
"range": {
"startTime": {
"gte": "2017",
"lt": "2018"
}
}
}
]
}
}
}
Yes it return the object that has the startTime on year 2017 but if I do :
{
"query": {
"bool": {
"must": [
{
"range": {
"startTime": {
"gte": "2018",
"lt": "2019"
}
}
}
]
}
}
}
It does return also objects from 2017.
How can I solve this problem?
First make sure, that the field is actually of type Date.
If the problem persists, Elastic allows you to specify a date-format for the query. Adding a format of yyyy to your example, results in:
{
"query": {
"bool": {
"must": [
{
"range": {
"startTime": {
"gte": "2018",
"lt": "2019",
"format": "yyyy"
}
}
}
]
}
}
}
How am I able to put both of these queries together, as you can see that query one is bringing back all the date from today and the second query is bringing back data for all users that has the name test in it.
So I want to bring back all of the data for data with the name that has test in it.
Could someone show me how this is done please?
Query one:
{
"_source":["VT"],
"query": {
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}}
}
Query two:
from elasticsearch import Elasticsearch
es = Elasticsearch(["9200"])
res = es.search(index="search", body=
{
"_source": ["DTDT", "TRDT"],
"query": {
"bool": {
"should": [
{"wildcard": {"N": "TEST*"}}
]
}
}
}, size=10
)
for doc in res['hits']['hits']:
print(doc)
You can use a bool query with two must clauses, like this:
{
"_source": ["DTDT", "TRDT", "VT"],
"query": {
"bool": {
"must": [
{
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}
},
{
"wildcard": {
"N": "TEST*"
}
}
]
}
}
}
Check out the docs for the bool query.
This will help you:
POST _search
{
"query": {
"bool": {
"must": [
{
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}
},
{
"match": {
"N": {
"query": "TEST",
"operator": "and"
}
}
}]
}
}
}