DSL query with multiple wildcard and timestamp range - syntax check


(Shankar) #1

I am trying to create a DSL query to search for a text with wild cards. I have the following working API call.
http://localhost:9200/_search?q="Error creating" AND @timestamp:["2019-03-18T17:01:49Z" TO "2019-03-18T18:00:48Z"]

I have verified that this query returns expected results.

I am trying to extend the call to search for multiple wild card texts within a range as a request body search.

Can anyone please check the syntax and why it doesn't work as expected?

{
  "query": {
    "bool": {
      "must": [
        {
          "wildcard" : { "detailmsg" : { "value" : "*Error creating used syndication lead*" } }
        },
        {
          "range": {
            "@timestamp": {
              "gte": 1552867260000,
              "lte": 1552863660000,
              "format": "epoch_millis"
            }
          }
        }
      ]
    }
  }
}

(Guido Lena Cota) #2

Hi,
It'd be helpful to know what it means that it's not working as expected. For example, do you get no results? Do you get some results, but they're wrong? Do you get an error?

Also, is detailmsg a keyword type? Because wildcard queries work only for non-analysed fields.


(Shankar) #3

Hi, sorry for the delayed response. I wanted to see how to convert the API search into an equivalent DSL syntax, with multiple wildcard entries at the same time (to avoid multiple searches).

While I get results for the API call, with curl, I am not getting any results for the DSL query submitted via REST client.

"detailmsg" is a field. Please let me know any error in the query. Thanks.
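
An added example, not part of the thread: a Python sketch that builds a request body combining several wildcard patterns with a timestamp range, and decodes the epoch values from the posted body so the bounds can be compared. The helper names are made up for this example, and it assumes `detailmsg` is mapped as a keyword field, as reply #2 asks about.

```python
import calendar
import json
import time

def to_epoch_millis(iso_utc):
    """'2019-03-18T17:01:49Z' (UTC) -> epoch milliseconds."""
    return calendar.timegm(time.strptime(iso_utc, "%Y-%m-%dT%H:%M:%SZ")) * 1000

def to_iso(millis):
    """Epoch milliseconds -> ISO-8601 UTC string, for eyeballing a range."""
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(millis // 1000))

def build_query(field, patterns, start_iso, end_iso):
    """Body matching ANY wildcard pattern on `field` inside [start, end]."""
    gte, lte = to_epoch_millis(start_iso), to_epoch_millis(end_iso)
    if gte > lte:
        # A range whose lower bound is after its upper bound matches nothing.
        raise ValueError("empty range: %s is after %s" % (start_iso, end_iso))
    return {"query": {"bool": {
        # filter: clauses must match but do not contribute to scoring
        "filter": [{"range": {"@timestamp": {
            "gte": gte, "lte": lte, "format": "epoch_millis"}}}],
        # should + minimum_should_match=1: at least one pattern must match
        "should": [{"wildcard": {field: {"value": p}}} for p in patterns],
        "minimum_should_match": 1,
    }}}

# Epoch values copied from the request body posted in the thread.
POSTED_GTE, POSTED_LTE = 1552867260000, 1552863660000

if __name__ == "__main__":
    # Decode the posted bounds to see which one is earlier.
    print("posted gte:", to_iso(POSTED_GTE))
    print("posted lte:", to_iso(POSTED_LTE))
    # Patterns and time window taken from the two queries in the thread.
    body = build_query(
        "detailmsg",
        ["*Error creating used syndication lead*", "*Error creating*"],
        "2019-03-18T17:01:49Z",
        "2019-03-18T18:00:48Z",
    )
    print(json.dumps(body, indent=2))
```
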