Can't query for date or date range

Erik_M · June 4, 2018, 7:53am

Hey,
I have a problem concerning querying the dates in kibana.
The raw data is in the following format:
2018-03-16 00:00:00
The dates are formatted in the mapping as follows:

"starts": {
            "type": "date",
            "format": "yyyy-MM-dd 00:00:00"
          }

Which is accepted by elasticsearch. Similarly within the discover function of kibana all data points are found and the times are represented as
starts: March 16th 2018, 01:00:00.000 (in the table)
starts: "2018-03-16 00:00:00" (as json)

However when searching in kibana discover using two different approaches:
starts:[* TO 2019-03-15]
or
starts:[* TO 2019-03-15'T'00:00:00]
Returns no results at all. No matter the range (and can't search for specific dates either).

If I instead click the magnifying glass with the + sign (Filter for value) I get the following parsing error:
Discover: failed to parse date field [2018-03-16T00:00:00.000Z] with format [yyyy-MM-dd 00:00:00]

What and where is the formatting wrong? The date format seems correct and basic enough but why does no search or filtering work?

bhavyarm · June 4, 2018, 9:04pm

Hi Erik,

Can you try searching for your timestamp like this: 2018-05-28T01:02:03.456 without the quotes around it.

We do have an existing issue on having better documentation for it.

Thanks,
Bhavya

tylersmalley · June 4, 2018, 9:05pm

This might also be related: Discover: failed to parse date field

Erik_M · June 5, 2018, 1:50pm

Tried your suggestion and still only get parsing errors. Also followed tylersmalley's link but didn't help me. Still can't search for dates or ranges of dates within the discover function.

LeeDr · June 6, 2018, 8:51pm

For me, in Discover, this works;

@timestamp:2015-09-22 (shows just that day's data)
@timestamp:2015-09-22T23 (shows just that hour's data)

But an unquoted date/time string containing : doesn't work. But quoted it does;

@timestamp:"2015-09-22T23:50:13.253" returns just the one doc with that timestamp.

@timestamp:"2015-09-22T23:50" also works. Returns docs in that hour:minute.

Erik_M · June 7, 2018, 7:24am

Your suggestion helped partially, but enough for it to work!
For some reason the ONLY format that works is your third description, i.e. the FULL time within quotes. Whenever I skip the quotes or only use date, date+hour, date+hour+minute etc. with quotes the return is "no results" or "parsing error"

system · July 5, 2018, 7:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Discover not filtering for date properly Elastic Search elastic-workplace-search	7	297	March 19, 2024
How to use Date Range filter in Kibana? Kibana	4	33548	September 10, 2019
Kibana Dashboard showing parser errors on date filter. Error: "failed to parse date field [1542281539000] with format [yyyy-MM-dd'T'HH:mm:ss.SSSZ]" Kibana	3	826	March 13, 2019
Filtering based on @timestamp in Discover Kibana	4	9668	August 21, 2018
Date Range filter in data table Kibana 5.4.1 Kibana	6	1901	August 29, 2017

Can't query for date or date range

Related Topics