DSL query with multiple wildcard and timestamp range - syntax check

shankarps · March 19, 2019, 9:03pm

I am trying to create a DSL query to search for a text with wild cards. I have the following working API call.
http://localhost:9200/_search?q="Error creating" AND @timestamp:["2019-03-18T17:01:49Z" TO "2019-03-18T18:00:48Z"]

I have verified that this query returns expected results.

I am trying to extend the call to search for multiple wild card texts within a range as a request body search.

Can anyone please check the syntax and why it doesnt work as expected?

{
  "query": {
    "bool": {
      "must": [
        {
        "wildcard" : { "detailmsg" : { "value" : "*Error creating used syndication lead*" } }
        },
        {
          "range": {
            "@timestamp": {
              "gte": 1552867260000,
              "lte": 1552863660000,
              "format": "epoch_millis"
            }
          }
        }
      ]
    }
  }
}

glenacota · March 19, 2019, 9:07pm

Hi,
It'd be helpful to know what it means that it's not working as expected. For example, do you get no results? do you get some results, but they're wrong? do you get an error?

Also, is detailmsg a keyword type? Because wildcard queries work only for non-analysed fields.

shankarps · April 16, 2019, 9:06pm

Hi, sorry for the delayed response. I wanted to see how to convert the API search into an equivalent DSL syntax, with multiple wild card entries at the same time (to avoid multiple search).

While I get results for the API call, with curl, I am not getting any results for the DSL query submitted via Rest client.

"detailmsg" is a field. Please let me know any error in the query. Thanks.

system · May 14, 2019, 9:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.