Elasticsearch DSL: How to use QueryString + Time Range properly?

I’ve used the search.from_dict() to construct my query and received my results correctly.

from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search

es = Elasticsearch()
s = Search(using=es, index="logstash-*")
s = s.from_dict({
    "query": {
        "query_string": {
            "query": "discord_event:message AND author.bot:false",
            "analyze_wildcard": True
        }
    }
})
response = s.execute()

However, I can’t figure out the proper syntax for:

Using QueryString

I have tried:

qs = QueryString(query="discord_event:message AND author.bot:false")
s = query(qs)

Doesn’t work.

Using time range to filter results

I have tried:

s = s.filter('range', timestamp={'gte': 'now-5m', 'lt': 'now'})

This gave zero results. In Kibana I did the same search with time range and am getting results.

Part of the reason that I’d like to just use QS + time range is because I am able to see my results in Kibana and would just like to plug in whatever I need after getting the correct results.

Any help would be greatly appreciated! I am using the Elasticsearch_DSL Python library btw.

Ok I have solved my own problem:

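from elasticsearch_dsl.query import QueryString, Range

qs = QueryString(query="discord_event:message AND author.bot:false")
r = Range(**{'@timestamp': {'gte': 'now-7d', 'lt': 'now'}})
# Search objects are immutable: each .query() returns a new copy, so keep the result
s = s.query(qs).query(r)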

Please consider this issue closed.


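An added example, not part of the original posts or of the library's own code: the range attempt in the question filtered on `timestamp`, while the working version uses `@timestamp`, and a range on a field that is absent from the mapping returns zero hits rather than an error. The sketch below builds the same query_string + time range body as a plain dict and checks the range field against the index mapping first; `SAMPLE_MAPPING` is constructed sample data, and `date_fields` and `build_body` are hypothetical helper names.

```python
# Constructed sample in the shape returned by GET <index>/_mapping (not real data).
SAMPLE_MAPPING = {
    "logstash-2024.01.01": {
        "mappings": {
            "properties": {
                "@timestamp": {"type": "date"},
                "discord_event": {"type": "keyword"},
                "author": {"properties": {"bot": {"type": "boolean"}}},
            }
        }
    }
}


def date_fields(mapping):
    """Return the dotted names of every field mapped as `date` in any index."""
    found = set()

    def walk(props, prefix):
        for name, spec in props.items():
            path = prefix + name
            if spec.get("type") == "date":
                found.add(path)
            # Object fields nest their children under "properties".
            walk(spec.get("properties", {}), path + ".")

    for index in mapping.values():
        walk(index.get("mappings", {}).get("properties", {}), "")
    return found


def build_body(mapping, query, field="@timestamp", gte="now-7d", lt="now"):
    """Build a query_string + range body; reject a range field that is not a date."""
    known = date_fields(mapping)
    if field not in known:
        raise ValueError(f"{field!r} is not a date field; known: {sorted(known)}")
    return {
        "query": {
            "bool": {
                # Scored full-text part, same string as typed into Kibana.
                "must": [{"query_string": {"query": query, "analyze_wildcard": True}}],
                # Time window in filter context: no scoring, cacheable.
                "filter": [{"range": {field: {"gte": gte, "lt": lt}}}],
            }
        }
    }


body = build_body(SAMPLE_MAPPING, "discord_event:message AND author.bot:false")
```

The resulting dict can be loaded into an existing `Search` with `s.update_from_dict(body)`, which keeps the client and index already set on it.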