Can I use range query using only time not date

byeong_seok_park · October 16, 2018, 8:58am

Hi,

I wanna make a simple query that range specific time of the day.

But It seems to be necessary to write the date in elasticsearch query.

What I want is using only time in range syntax, so that I can use that script everyday to extract the specific time range's daily logs without editing.

Below is my query:
(it's working currently, but I want remove the date)

{
  "size": 10,
  "query": {
  "constant_score": {
    "filter": {
      "bool": {
        "filter": [
          {
            "terms": {
              "ID": [
                10157
              ]
            }
          },
          {
            "range": {
              "EVENT_TIME": {
                "gte": "2018-07-27 00:00:00.000",
                "lt": "2018-07-27 02:59:59.999",
                "format": "yyyy-MM-dd HH:mm:ss.SSS",
                "time_zone": "+09:00"
              }
            }
          }
        ]
      }
    }
  }
  }
}

Any comment would be appreciated. Thanks.

dadoonet · October 16, 2018, 9:11am

The best option is to compute a minute of the day or so field (or hour of the day depending on the precision you want) at index time.

Then use a normal range query.

system · November 13, 2018, 9:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.