Hi All,
I have an ES cluster, version 6.8, and I am using the Python libraries elasticsearch==7.11.0 and elasticsearch-dsl==7.3.0.
I have created the following code:
import json
from elasticsearch_dsl import Q, Search

# esClient is an Elasticsearch client instance created earlier
index_name = 'central_log_nl'
query = Q('bool',
          must=[
              Q('match', tags="exim_json"),
              Q('range', score={'gte': '15.0', 'lte': '20.0'}),
              Q('range', **{'@timestamp': {'gte': 'now-2h', 'lte': 'now'}}),
          ],
          must_not=[
              Q('match', tags="local_mail_servers"),
          ])
s = Search(using=esClient, index=index_name)
s.query(query)
When I execute that query I am getting 2199156482 results, which is totally not what I would expect. If I print the query like this:
print('Main query -> {}'.format(json.dumps(query.to_dict())))
I am getting the following output:
Main query -> {"bool": {"must": [{"match": {"tags": "exim_json"}}, {"range": {"score": {"gte": "15.0", "lte": "20.0"}}}, {"range": {"@timestamp": {"gte": "now-2h", "lte": "now"}}}], "must_not": [{"match": {"tags": "local_mail_servers"}}]}}
When I execute this query in Kibana -> dev tools like this:
GET central_log_nl/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "tags": "exim_json"
          }
        },
        {
          "range": {
            "score": {
              "gte": 15,
              "lte": 20
            }
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "now-2h/h",
              "lte": "now"
            }
          }
        }
      ],
      "must_not": [
        {
          "match": {
            "tags": "local_mail_servers"
          }
        }
      ]
    }
  }
}
I am getting the following result:
{
  "took" : 12,
  "timed_out" : false,
  "_shards" : {
    "total" : 89,
    "successful" : 89,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 2149,
    "max_score" : 0.0,
    "hits" : [ ]
  }
}
Here I am getting a total of 2149 which is what I would expect.
Can someone please help me to understand what I am doing wrong here?