How to get timestamp from date in elastic search script - elasticsearch

As the title suggests, I want to get the timestamp (as a number) from a date type in an Elasticsearch Painless script. The following attempts didn't work: doc["date_field"].value, doc["date_field"].date.getMillis().

According to the Painless docs you should be able to access the milliseconds since epoch like this: doc.date_field.millis.
Date fields are exposed as ReadableDateTime, so they support methods like getYear, getDayOfWeek or e.g. getting milliseconds since epoch with getMillis. To use these in a script, leave out the get prefix and continue with lowercasing the rest of the method name.
You should also be able to use the methods from ReadableDateTime. https://www.elastic.co/guide/en/elasticsearch/painless/6.4/painless-api-reference.html#painless-api-reference-org-joda-time-ReadableDateTime

Related

Using ranges for timestamp in query string query

I'm using a query string query to retrieve data from an API where the NAME field equals TEST and it's been updated TODAY.
The lastupdate field is in timestamp format (2019-11-09 10:04:56.530000000).
I tried to do it this way, which does not throw an error but clearly does not work either: some of the records are from months ago, some from years ago, and I want to query only today.
/data/_search?q=name:TEST lastupdate:[now-1d/d TO now/D]
P.S. I know how I can do it with the query DSL using the gte/lt attributes of a range, but as I will be using this data in Power BI I have to feed JSON to it via URL, so that's why I'm searching for ways to do it in the URI.
Maybe you're just missing an AND from your query param? Does the following give you your expected results?
GET /data/_search?q=name:TEST+AND+lastupdate:[now-1d/d+TO+now/d]

how to find the date range in uri request search in elasticsearch

I have a search in which I need to find the delta of data:
http://localhost:9200/index/index_type/_search?q=sampledate[21-02-2015 TO 22-02-2015]
but this search is giving me an error.
Could anybody help?
You can use the query below:
GET /index_name/index_type/_search?q=dateCreated:[2016-01-06+TO+2016-01-07]
This will work only if dateCreated is a date field. It won't work with a string field.
We had a similar weird issue with this date field in Elasticsearch 7.6.1.
We found a working solution by removing the colon (:) after the date field and surrounding the entire date query part with brackets,
i.e.
GET /index_name/index_type/_search?q=dateCreated:[2016-01-06+TO+2016-01-07]
The above query changed to
GET /index_name/index_type/_search?q=(dateCreated[2016-01-06+TO+2016-01-07])
This should work.
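The query-string ranges in the two threads above rely on Elasticsearch date math. The following Python is an added example (not from either thread and not Elasticsearch's own code) that resolves `now`-anchored expressions the way the documented rules describe: offsets are applied in order, `/unit` rounds down, and an inclusive upper bound rounds up to the last millisecond of the unit. The `now` value is a constructed timestamp taken from the question, only the units y, M, w, d, h, m, s are handled, and rounding `/w` to Monday is an assumption. Resolving both bounds shows that `[now-1d/d TO now/d]` spans all of yesterday and today, while `[now/d TO now/d]` covers today alone.

```python
"""Resolve Elasticsearch date-math expressions such as ``now-1d/d``.

Constructed example: mirrors the documented rules (anchor ``now``, ``+``/``-``
offsets, ``/unit`` rounding) so the bounds of a URI range such as
``lastupdate:[now-1d/d TO now/d]`` can be inspected without a cluster.
"""
import calendar
import re
from datetime import datetime, timedelta

# one offset ("+1d", "-2h") or one rounding marker ("/") followed by its unit
_TOKEN = re.compile(r"([+-]\d+|/)([yMwdhHms])")


def _add_months(dt, n):
    """Shift by whole months, clamping the day to the target month's length."""
    total = dt.month - 1 + n
    year, month = dt.year + total // 12, total % 12 + 1
    day = min(dt.day, calendar.monthrange(year, month)[1])
    return dt.replace(year=year, month=month, day=day)


def _shift(dt, n, unit):
    if unit == "y":
        return _add_months(dt, 12 * n)
    if unit == "M":
        return _add_months(dt, n)
    delta = {"w": timedelta(weeks=n), "d": timedelta(days=n),
             "h": timedelta(hours=n), "H": timedelta(hours=n),
             "m": timedelta(minutes=n), "s": timedelta(seconds=n)}[unit]
    return dt + delta


def _round_down(dt, unit):
    if unit == "y":
        return dt.replace(month=1, day=1, hour=0, minute=0, second=0, microsecond=0)
    if unit == "M":
        return dt.replace(day=1, hour=0, minute=0, second=0, microsecond=0)
    if unit == "w":  # assumption: weeks start on Monday
        start = dt - timedelta(days=dt.weekday())
        return start.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "d":
        return dt.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit in "hH":
        return dt.replace(minute=0, second=0, microsecond=0)
    if unit == "m":
        return dt.replace(second=0, microsecond=0)
    return dt.replace(microsecond=0)  # "s"


def resolve(expr, now, round_up=False):
    """Resolve ``expr`` relative to ``now``.

    ``round_up`` mirrors an inclusive upper bound: ``now/d`` then becomes the
    last millisecond of the day rather than its first.
    """
    if not expr.startswith("now"):
        raise ValueError("only 'now'-anchored expressions are supported here")
    rest, pos, dt = expr[3:], 0, now
    for m in _TOKEN.finditer(rest):
        if m.start() != pos:  # gap means an unparsable token
            raise ValueError(f"unparsable date math near {rest[pos:]!r}")
        pos = m.end()
        op, unit = m.groups()
        if op == "/":
            dt = _round_down(dt, unit)
            if round_up:
                dt = _shift(dt, 1, unit) - timedelta(milliseconds=1)
        else:
            dt = _shift(dt, int(op), unit)
    if pos != len(rest):
        raise ValueError(f"unparsable date math near {rest[pos:]!r}")
    return dt


def range_bounds(lower, upper, now):
    """Bounds of an inclusive ``field:[lower TO upper]`` query-string range."""
    return resolve(lower, now), resolve(upper, now, round_up=True)


def bounds_iso(lower, upper, now_iso):
    """Convenience wrapper: ISO-8601 'now' in, ISO-8601 bounds out."""
    lo, hi = range_bounds(lower, upper, datetime.fromisoformat(now_iso))
    return lo.isoformat(), hi.isoformat()


if __name__ == "__main__":
    # constructed 'now', matching the timestamp quoted in the question
    now = "2019-11-09T10:04:56+00:00"
    print("[now-1d/d TO now/d] ->", bounds_iso("now-1d/d", "now/d", now))
    print("[now/d TO now/d]    ->", bounds_iso("now/d", "now/d", now))
```

The same resolver makes it easy to check any other URI range before it goes into a dashboard URL, which is cheaper than discovering off-by-one-day results in Power BI later.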

ES custom dynamic mapping field name change

I have a use case which is a bit similar to the ES example of dynamic_template where I want certain strings to be analyzed and certain not.
My document fields don't have such a convention, and the decision is made based on an external schema. So currently my flow is:
I grab the input document from the DB
I grab the appropriate schema (same database, currently using Logstash for import)
I adjust the name in the document accordingly (using Logstash's Ruby mutator):
if not analyzed, I don't change the name
if analyzed, I change it to ORIGINALNAME_analyzed
This will handle the analyzed/not_analyzed problem thanks to the dynamic_template I set, but now the user doesn't know which fields are analyzed, so there's no easy way for him to write queries because he doesn't know the name of the field.
I wanted to use field name aliases, but apparently ES doesn't support them. Are there any other mechanisms I'm missing that I could use here, like a field rename after indexation or something else?
For example, this ancient thread mentions that field.sub.name can be queried as just name, but I'm guessing this changed when they disallowed . in the name some time ago, since I cannot get it to work?
Let the user only create queries with the original name. I believe you have some code that converts this user query to Elasticsearch query. When converting to Elasticsearch query, instead of using the field name provided by the user alone use both the field names ORIGINALNAME as well as ORIGINALNAME_analyzed. If you are using a match query, convert it to multi_match. If you are using a term query, convert it to a bool should query. I guess you get where I am going with this.
Elasticsearch won't mind if a field does not exist. This can be a problem if there is already a field with _analyzed appended in its original name, but with some tricks that can be fixed too.
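One way to do the query translation the answer above describes, as an added example (not the asker's or the answerer's code): a small rewrite pass over the query DSL that expands a match into a multi_match and a term into a bool/should over both ORIGINALNAME and ORIGINALNAME_analyzed, recursing through bool clauses. The _analyzed suffix follows the convention from the question; the known_fields allowlist is an assumption standing in for the external schema, so a field name the schema does not know passes through untouched instead of being expanded.

```python
"""Expand single-field user queries to cover both the stored field name and
its ``_analyzed`` twin.

Added example. Assumes the ORIGINALNAME / ORIGINALNAME_analyzed convention
from the thread and an allowlist of schema field names (``known_fields``).
"""
import copy

SUFFIX = "_analyzed"


def candidate_fields(name):
    """Both names a user-facing field may be stored under."""
    return [name, name + SUFFIX]


def rewrite(query, known_fields):
    """Return a new query dict; the input is never modified.

    match -> multi_match over both names
    term  -> bool/should with one term per name (minimum_should_match 1)
    bool  -> must/should/must_not/filter clauses are rewritten recursively
    Anything else, and any field not in ``known_fields``, is copied as-is.
    """
    if not isinstance(query, dict) or len(query) != 1:
        return copy.deepcopy(query)
    (kind, body), = query.items()

    if kind == "match":
        (field, value), = body.items()
        if field not in known_fields:
            return copy.deepcopy(query)
        # accept both the short form and {"query": ..., ...} object form
        text = value["query"] if isinstance(value, dict) else value
        return {"multi_match": {"query": text, "fields": candidate_fields(field)}}

    if kind == "term":
        (field, value), = body.items()
        if field not in known_fields:
            return copy.deepcopy(query)
        return {"bool": {
            "should": [{"term": {f: copy.deepcopy(value)}} for f in candidate_fields(field)],
            "minimum_should_match": 1,
        }}

    if kind == "bool":
        out = {}
        for clause, subs in body.items():
            if clause in ("must", "should", "must_not", "filter"):
                items = subs if isinstance(subs, list) else [subs]
                out[clause] = [rewrite(q, known_fields) for q in items]
            else:  # e.g. minimum_should_match, boost
                out[clause] = copy.deepcopy(subs)
        return {"bool": out}

    return copy.deepcopy(query)


if __name__ == "__main__":
    schema = {"title", "status"}  # constructed stand-in for the external schema
    user_query = {"bool": {"must": [{"match": {"title": "hello"}}],
                           "filter": {"term": {"status": "open"}}}}
    print(rewrite(user_query, schema))
```

Because the expansion happens at the translation layer, the user keeps writing ORIGINALNAME and never needs to know which variant the dynamic template actually created.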

How to add a numeric filter on kibana dashboard?

I have a field that contains numbers. I want a filter that shows all logs that are less than a constant value.
When I try to add a new query filter, all I can see is a query string option.
If you are talking about the query field, a syntax like this works:
field:<10
This will find just records with a field value less than 10. I found this by experimentation one day -- I don't know if it's documented anywhere.

Elasticsearch date field: epoch millis input, string output?

Steps:
1. Define a date field in a mapping.
2. Insert an epoch millisecond (long) value into that field.
Can Elasticsearch return a string value (yyyy-MM-ddTHH:mm:SS) of that field for a search?
From what I understand of the date-format documentation of Elasticsearch, it will always accept a milliseconds-since-epoch input next to input in the format given by the format, and it will produce a String output using the (first) format given. If you don't provide a format, then the "date_optional_time" format will be used (yyyy-MM-dd'T'HH:mm:ss.SSSZZ).
If the time zone in there is a problem for you, you'd need to give Elasticsearch your intended format.
I don't have the code to hand, but in my testing I believe I managed to do the following:
I used the date formatter on the field and the query fields definition to do this:
curl -XGET 'http://localhost:9200/twitter/tweet/1?fields=title,date_field.date_time'
using the date formats specified here: http://www.elasticsearch.org/guide/reference/mapping/date-format/
If you want a full document returned, this may be onerous. In which case is it possible to use an alias 'view' mapping to get the result to return differently from your primary mapping? Possibly this has become a half-answer.