I am using Kibana to explore my Elasticsearch indices. One index stores a timestamp in a "log_timestamp" field. In Kibana I've added an index pattern for this and also indicated that the "log_timestamp" field is the one to look at for dates. I select a time range in the time picker from today's date and two years back. I also add a Lucene query on the timestamp. The HTTP body sent by Kibana looks like this:
{
  "version": true,
  "size": 500,
  "sort": [
    { "log_timestamp": { "order": "desc", "unmapped_type": "boolean" } }
  ],
  "_source": { "excludes": [] },
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "log_timestamp",
        "calendar_interval": "1w",
        "time_zone": "Europe/Stockholm",
        "min_doc_count": 1
      }
    }
  },
  "stored_fields": ["*"],
  "script_fields": {},
  "docvalue_fields": [
    { "field": "@timestamp", "format": "date_time" },
    { "field": "log_timestamp", "format": "date_time" }
  ],
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "log_timestamp:[2019-05-20 TO 2019-10-20]",
            "analyze_wildcard": true,
            "time_zone": "Europe/Stockholm"
          }
        },
        {
          "range": {
            "log_timestamp": {
              "format": "strict_date_optional_time",
              "gte": "2017-10-03T07:18:10.889Z",
              "lte": "2019-10-03T07:18:10.889Z"
            }
          }
        }
      ],
      "filter": [],
      "should": [],
      "must_not": []
    }
  },
  "highlight": {
    "pre_tags": ["@kibana-highlighted-field@"],
    "post_tags": ["@/kibana-highlighted-field@"],
    "fields": { "*": {} },
    "fragment_size": 2147483647
  },
  "timeout": "30000ms"
}
The problem I am having is that this returns "No results match your search criteria". There should have been documents that match both of these MUST parts. I must misunderstand the bool query somehow. If I change my query to: log_timestamp:*
then it works fine and I get plenty of results.
What am I missing?