Elasticsearch API Search query does not give correct results between timestamp range

Hello guys,

I have been facing this issue for the last 2 days. Can anyone please help with the issue below?

I am able to get the exact hit count, for example 750755, but I am not getting the field results between the timestamp range. I am getting only a few results, around 6 or 7, when I am supposed to get 750755 results.

My query is:

curl -X GET "http://elasticsearch_ip:port/qa-web-logs-*/_search?track_total_hits=true&rest_total_hits_as_int=true&pretty" -H 'Content-Type: application/json' -d'
{
  "_source": [ "request", "referrer", "response_code", "timestamp" ],
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "referrer": ".*"
          }
        },
        {
          "range": {
            "timestamp": {
              "gte": "2021-03-28T02:00:00",
              "lt": "now"
            }
          }
        }
      ],
      "must_not": [
        {
          "match": {
            "response_code": "200"
          }
        }
      ]
    }
  }
}
'

Output

{
"took" : 1548,
"timed_out" : false,
"_shards" : {
"total" : 19,
"successful" : 19,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 750755,
"max_score" : 1.0,
"hits" : [
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "8SCDMDNFDXCSDFNDJFDJF",
"_score" : 1.0,
"_source" : {
"request" : "value1",
"referrer" : "-",
"response_code" : 304,
"timestamp" : "2021-03-28T13:26:57.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "SDSDSDHSDHSHDHS",
"_score" : 1.0,
"_source" : {
"request" : "value2",
"referrer" : "https://www.google.com/",
"response_code" : 304,
"timestamp" : "2021-03-28T13:26:57.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "SDSDJmscnsnsm",
"_score" : 1.0,
"_source" : {
"request" : "value3",
"referrer" : "-",
"response_code" : 304,
"timestamp" : "2021-03-28T13:26:57.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "asdssdnsnsjnADNJSDA",
"_score" : 1.0,
"_source" : {
"request" : "value3",
"referrer" : "-",
"response_code" : 304,
"timestamp" : "2021-03-28T13:26:58.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "sdfnsdjfsdjfsdjf",
"_score" : 1.0,
"_source" : {
"request" : "value4",
"referrer" : "-",
"response_code" : 301,
"timestamp" : "2021-03-28T13:26:58.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "sdnasjdsjadasj",
"_score" : 1.0,
"_source" : {
"request" : "value5",
"referrer" : "-",
"response_code" : 304,
"timestamp" : "2021-03-28T13:26:58.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "ASDSBSNBFNBF",
"_score" : 1.0,
"_source" : {
"request" : "value6",
"referrer" : "-",
"response_code" : 304,
"timestamp" : "2021-03-28T13:26:59.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "sdnsdnsdbvnbvn",
"_score" : 1.0,
"_source" : {
"request" : "value7",
"referrer" : "-",
"response_code" : 304,
"timestamp" : "2021-03-28T13:26:57.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "ASNSNCBSNBSNB",
"_score" : 1.0,
"_source" : {
"request" : "value8",
"referrer" : "-",
"response_code" : 304,
"timestamp" : "2021-03-28T13:27:01.000Z"
}
},
{
"_index" : "qa-web-logs-2021.03.28",
"_type" : "_doc",
"_id" : "SSFSNFBSNFSN",
"_score" : 1.0,
"_source" : {
"request" : "value9",
"referrer" : "-",
"response_code" : 304,
"timestamp" : "2021-03-28T12:03:27.000Z"
}
}
]
}
}

Please do not open more than 1 thread on the same topic.

Please continue the discussion in that thread.

Please provide a set of sample data and samples that were not returned.

1 Like
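
Added example, not part of the original thread: `hits.total` counts every matching document, but `_search` returns only 10 hits per request unless `size` is set, and `from`/`size` paging stops at `index.max_result_window` (10,000 by default), so pulling every matching log entry means paging with `search_after`. Assumptions: the intent is every non-200 entry in the time range, so the range moves into `filter`; `event_id` is a hypothetical unique keyword field used as the sort tiebreaker; `fake_search` and `DOCS` are constructed stand-ins for the cluster.

```python
from typing import Callable, Iterator, Optional

def build_body(gte: str, lt: str, size: int, after: Optional[list] = None) -> dict:
    """Search body with the time range in filter context and a stable sort."""
    body = {
        "size": size,  # without this, each request returns at most 10 hits
        "_source": ["request", "referrer", "response_code", "timestamp"],
        "query": {"bool": {
            "filter": [{"range": {"timestamp": {"gte": gte, "lt": lt}}}],
            "must_not": [{"match": {"response_code": "200"}}],
        }},
        # event_id is a hypothetical unique field; search_after needs a total order
        "sort": [{"timestamp": "asc"}, {"event_id": "asc"}],
    }
    if after is not None:
        body["search_after"] = after  # sort values of the last hit already seen
    return body

def iter_hits(search: Callable[[dict], dict], gte: str, lt: str,
              size: int = 1000) -> Iterator[dict]:
    """Yield every matching hit, one page at a time, until a page comes back empty."""
    after = None
    while True:
        hits = search(build_body(gte, lt, size, after))["hits"]["hits"]
        if not hits:
            return
        yield from hits
        after = hits[-1]["sort"]

# Constructed sample data: 25 log entries, several sharing a timestamp, 5 with code 200.
DOCS = [{"event_id": f"e{i:03d}", "timestamp": f"2021-03-28T13:26:{i // 3:02d}.000Z",
         "response_code": 200 if i % 5 == 0 else 304,
         "request": f"/page{i}", "referrer": "-"} for i in range(25)]

def fake_search(body: dict) -> dict:
    """Constructed in-memory stand-in for POST <index>/_search (not a real client)."""
    rng = body["query"]["bool"]["filter"][0]["range"]["timestamp"]
    key = lambda d: [d["timestamp"], d["event_id"]]
    match = sorted((d for d in DOCS if rng["gte"] <= d["timestamp"] < rng["lt"]
                    and d["response_code"] != 200), key=key)
    after = body.get("search_after")
    page = [d for d in match if after is None or key(d) > after][:body["size"]]
    return {"hits": {"total": len(match),
                     "hits": [{"_source": d, "sort": key(d)} for d in page]}}
```

Against a real cluster, `search` would be a function that POSTs the body to the `_search` endpoint and returns the parsed JSON response.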