Being new to Elasticsearch hopefully I'm missing something obvious.
I'm trying to insert data into ES with a timestamp. It is more convenient for the source data to use seconds since epoch but whenever I do this I can't seem to get results returned if I use a text date in the search query. I assume this is then why I am having problems visualising the data with Kibana.
I can illustrate the problem pretty simply using the following queries (the date used is 2017-04-14T17:10:59+0100 == 1492186259):
DELETE my_index
PUT my_index
{
"mappings": {
"my_type": {
"properties": {
"date": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis||epoch_second"
}
}
}
}
}
PUT my_index/my_type/1
{
"date" : 1492186259
}
GET my_index/_search
{
"query": {
"range" : {
"date" : {
"gte" : "2017-04-14T12:00:00+01:00"
}
}
}
}
This will not return any results but searching using a time formatted as seconds since epoch works:
GET my_index/_search
{
"query": {
"range" : {
"date" : {
"gte" : 1492167600
}
}
}
}
If I insert the date in the text format, both searches work perfectly:
PUT my_index/my_type/1
{
"date" : "2017-04-14T17:10:59+0100"
}
Even though I've explicitly set the date formats to use and the index is reporting that it is expecting a date it looks like if I use seconds since epoch to insert a date I can only use numeric queries. What have I missed, if anything?
Elasticsearch is running on a fully patched CentOS 7 install accessed through localhost with stock config other than hostname. ES version info:
{
"name" : "juFPZaL",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "KwbzM__GSCS_x0AD0G8C1g",
"version" : {
"number" : "5.3.0",
"build_hash" : "3adb13b",
"build_date" : "2017-03-23T03:31:50.652Z",
"build_snapshot" : false,
"lucene_version" : "6.4.1"
},
"tagline" : "You Know, for Search"
}