Can't query for date or date range

Erik_M · June 4, 2018, 7:53am

Hey,
I have a problem concerning querying the dates in kibana.
The raw data is in the following format:
2018-03-16 00:00:00
The dates are formatted in the mapping as follows:

"starts": {
            "type": "date",
            "format": "yyyy-MM-dd 00:00:00"
          }

Which is accepted by elasticsearch. Similarly within the discover function of kibana all data points are found and the times are represented as
starts: March 16th 2018, 01:00:00.000 (in the table)
starts: "2018-03-16 00:00:00" (as json)

However when searching in kibana discover using two different approaches:
starts:[* TO 2019-03-15]
or
starts:[* TO 2019-03-15'T'00:00:00]
Returns no results at all. No matter the range (and can't search for specific dates either).

If I instead click the magnifying glass with the + sign (Filter for value) I get the following parsing error:
Discover: failed to parse date field [2018-03-16T00:00:00.000Z] with format [yyyy-MM-dd 00:00:00]

What and where is the formatting wrong? The date format seems correct and basic enough but why does no search or filtering work?

bhavyarm · June 4, 2018, 9:04pm

Hi Erik,

Can you try searching for your timestamp like this: 2018-05-28T01:02:03.456 without the quotes around it.

We do have an existing issue on having better documentation for it.

Thanks,
Bhavya

tylersmalley · June 4, 2018, 9:05pm

This might also be related: Discover: failed to parse date field

Erik_M · June 5, 2018, 1:50pm

Tried your suggestion and still only get parsing errors. Also followed tylersmalley's link but didn't help me. Still can't search for dates or ranges of dates within the discover function.

LeeDr · June 6, 2018, 8:51pm

For me, in Discover, this works;

@timestamp:2015-09-22 (shows just that day's data)
@timestamp:2015-09-22T23 (shows just that hour's data)

But an unquoted date/time string containing : doesn't work. But quoted it does;

@timestamp:"2015-09-22T23:50:13.253" returns just the one doc with that timestamp.

@timestamp:"2015-09-22T23:50" also works. Returns docs in that hour:minute.

Erik_M · June 7, 2018, 7:24am

Your suggestion helped partially, but enough for it to work!
For some reason the ONLY format that works is your third description, i.e. the FULL time within quotes. Whenever I skip the quotes or only use date, date+hour, date+hour+minute etc. with quotes the return is "no results" or "parsing error"

system · July 5, 2018, 7:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana : Discover: failed to parse date field [2018-08-13T14:44:21.253] with format Invalid date Kibana	2	3240	September 17, 2018
Kibana/ES Discover: failed to parse date field [2018-08-13T14:44:21.253] with format [date_time] Elasticsearch	2	478	August 19, 2018
Query date field Kibana	2	282	March 3, 2019
Discover: failed to parse date field Kibana	2	6191	October 16, 2017
Discover not filtering for date properly Elastic Search elastic-workplace-search	7	301	March 19, 2024

Can't query for date or date range

Related topics