Date range not working ... no errors but no matches

Jagdeepak_Rawat · February 4, 2020, 12:30pm

I put the following json in elasticsearch under an index.
but can't use date ranges on this structure even though I have put custom mappings of my own to show where date is.

{
"key": {
"window_end": 1579602460000,
"window_start": 1579602400000,
"window_start_ins": "2020-01-21T10:26:40.000Z",
"window_end_ins": "2020-01-21T10:27:40.000Z",
"key": [
{
"field": "$_log_event",
"value": "ALERT"
}
]
},
"value": [
{
"field": "REQUEST",
"type": "count",
"value": 565584
},
{
"field": "fatal_cost",
"type": "sum",
"value": 281509
},
{
"field": "min_cost",
"type": "min",
"value": 44
},
{
"field": "drop_cost",
"type": "sum",
"value": 131377
},
{
"field": "FATAL",
"type": "count",
"value": 291
},
{
"field": "DROP",
"type": "count",
"value": 284
},
{
"field": "max_cost",
"type": "max",
"value": 326601
}
]
}

this is my mapping object.
{
"reporting_test1" : {
"mappings" : {
"properties" : {
"key" : {
"type" : "nested",
"properties" : {
"key" : {
"type" : "nested",
"properties" : {
"field" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"value" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"window_end" : {
"type" : "long"
},
"window_end_ins" : {
"type" : "date"
},
"window_start" : {
"type" : "long"
},
"window_start_ins" : {
"type" : "date"
}
}
},
"value" : {
"type" : "nested",
"properties" : {
"field" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"value" : {
"type" : "long"
}
}
}
}
}
}
}

and I am giving query.

GET reporting_test1/_search
{
"query": {"range": {
"key.window_end_ins": {
"gte": "2010-01-01T00:00:00",
"lte": "now"
}
}
}
}

the response is following: -
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" :
}
}

even after trying different date formats. it doesn't work.
also in kibana it doesn't give any output because no date query ever gives any hits back.
please can somebody point out why is it not working?

Magnus_Kessler · February 4, 2020, 5:34pm

Your key field is mapped as nested. Nested fields can only be queried with nested queries.

Be aware that Kibana hasn't yet got any good support for nested queries.

Please read the documentation for the nested datatype. It explains when it should be used. In your example, you could simply map the top-level key field as a JSON object, and query it with standard queries.

Jagdeepak_Rawat · February 5, 2020, 11:22am

thank you very much for the help.

system · March 4, 2020, 11:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date Range query not working Elasticsearch	1	1090	July 5, 2017
Problem while searching for date range or date Elasticsearch	2	381	July 6, 2017
Can't do date range query in a small range Elasticsearch	2	394	July 5, 2017
Date range not working as expected between Elasticsearch 7.17 and Elasticsearch 8.6 Elasticsearch	4	1263	April 28, 2023
Timestamp range not querying properly Elasticsearch	6	392	July 22, 2019

Date range not working ... no errors but no matches

Related topics