Dynamically passing to query

cool999 · November 29, 2021, 4:58pm

Hi Team,

I have below similar logs.

I have created dummy index and created mapping like below,

PUT new
{
  "mappings": {
    "properties": {
      "@timestamp": {
        "type":   "date",
        "format": "yyyy-MM-dd HH:mm:ss.SSS"
      }
    }
  }
}

and indexed data as below,

PUT /new/_doc/1
{
  "@timestamp": "2021-11-05 08:12:14.534",
  "level": "INFO",
  "id": "1",
  "text": "website is accessed",
  "status": "clicked"
}

PUT /new/_doc/2
{
  "@timestamp": "2021-10-14 09:11:14.534",
  "level": "INFO",
  "id": "3",
  "text": "website is accessed",
  "status": "clicked"
}

PUT /new/_doc/3
{
  "@timestamp": "2021-09-09 02:08:20.534",
  "level": "INFO",
  "id": "4",
  "text": "website is accessed",
  "status": "clicked"
}

I am able to fetch the total counts using below request query,

GET new/_search
{
  "aggs": {},
  "size": 0,
  "fields": [],
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "bool": {
            "should": [
              {
                "match_phrase": {
                  "text": "website is accessed"
                }
              }
            ],
            "minimum_should_match": 1
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2021-10-01",
              "lte": "2021-10-30"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}

Getting response as below,

{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  }
}

As you see, i need to hardcode the date to fetch the value for a particular month i.e to fetch the same information for sept month, i need to modify the date time range as below in curl request ,

"range": {
  "@timestamp": {
    "gte": "2021-09-01",
    "lte": "2021-09-30"
    }
    }

How can i pass year and month dynamically (i.e without actually hardcoding it request itself ) to the curl request which will fetch the information for that particular month, year?

Thanks,

warkolm · November 30, 2021, 9:15am

Not via Dev Tools, no.

You could probably do it via the shell and curl and date.

cool999 · November 30, 2021, 9:41am

Hi @warkolm,

Thanks for reply.

Yes i am asking how to do achieve this from curl call?

Above dev-tools example was just to create things quickly.

Below is the curl request for above call.

curl -u elastic:xxx  -XGET "http://10.10.10.10:9200/new/_search?pretty" -H 'Content-Type: application/json' -d'
{
  "aggs": {},
  "size": 0,
  "fields": [],
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "bool": {
            "should": [
              {
                "match_phrase": {
                  "text": "website is accessed"
                }
              }
            ],
            "minimum_should_match": 1
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2021-10-01",
              "lte": "2021-10-30"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}'

Thanks,

cool999 · December 1, 2021, 4:29pm

I am able to get the results for last month (Nov) or last 2 months (Oct) and so on using below,

last month - Nov -

"gte": "now-M",
"lt": "now/M"

2 months - Oct

"gte": "now-2M/M",
"lte": "now-2M/M"

But is there way to provide desired year and month to retrieve results?

system · December 29, 2021, 4:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.