Date range not working ... no errors but no matches

Jagdeepak_Rawat · February 4, 2020, 12:30pm

I put the following json in elasticsearch under an index.
but can't use date ranges on this structure even though I have put custom mappings of my own to show where date is.

{
"key": {
"window_end": 1579602460000,
"window_start": 1579602400000,
"window_start_ins": "2020-01-21T10:26:40.000Z",
"window_end_ins": "2020-01-21T10:27:40.000Z",
"key": [
{
"field": "$_log_event",
"value": "ALERT"
}
]
},
"value": [
{
"field": "REQUEST",
"type": "count",
"value": 565584
},
{
"field": "fatal_cost",
"type": "sum",
"value": 281509
},
{
"field": "min_cost",
"type": "min",
"value": 44
},
{
"field": "drop_cost",
"type": "sum",
"value": 131377
},
{
"field": "FATAL",
"type": "count",
"value": 291
},
{
"field": "DROP",
"type": "count",
"value": 284
},
{
"field": "max_cost",
"type": "max",
"value": 326601
}
]
}

this is my mapping object.
{
"reporting_test1" : {
"mappings" : {
"properties" : {
"key" : {
"type" : "nested",
"properties" : {
"key" : {
"type" : "nested",
"properties" : {
"field" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"value" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"window_end" : {
"type" : "long"
},
"window_end_ins" : {
"type" : "date"
},
"window_start" : {
"type" : "long"
},
"window_start_ins" : {
"type" : "date"
}
}
},
"value" : {
"type" : "nested",
"properties" : {
"field" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"value" : {
"type" : "long"
}
}
}
}
}
}
}

and I am giving query.

GET reporting_test1/_search
{
"query": {"range": {
"key.window_end_ins": {
"gte": "2010-01-01T00:00:00",
"lte": "now"
}
}
}
}

the response is following: -
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" :
}
}

even after trying different date formats. it doesn't work.
also in kibana it doesn't give any output because no date query ever gives any hits back.
please can somebody point out why is it not working?

Magnus_Kessler · February 4, 2020, 5:34pm

Your key field is mapped as nested. Nested fields can only be queried with nested queries.

Be aware that Kibana hasn't yet got any good support for nested queries.

Please read the documentation for the nested datatype. It explains when it should be used. In your example, you could simply map the top-level key field as a JSON object, and query it with standard queries.

Jagdeepak_Rawat · February 5, 2020, 11:22am

thank you very much for the help.

system · March 4, 2020, 11:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date range is not working as expected Elasticsearch	4	3538	December 1, 2017
Date range not working as expected between Elasticsearch 7.17 and Elasticsearch 8.6 Elasticsearch	4	1238	April 28, 2023
Timestamp range not querying properly Elasticsearch	6	391	July 22, 2019
Struggling with date ranges Elasticsearch	1	348	September 3, 2018
Problem with range search with datetime field Elasticsearch	5	230	January 7, 2023

Date range not working ... no errors but no matches

Related Topics