Elasticsearch input plugin: range query doesn't match any document

Elastic Stack Logstash
1

Hello,

I'm having trouble collecting data periodically from an elasticsearch index. My input config is quite simple

input {
  elasticsearch {
    hosts => "${ELASTICSEARCH_URL_INPUT}"
    index => 'logcentral_pn'
    docinfo => true
    query => '{"query":{"range":{"date":{"gt":"now-5m/m","lte":"now/m"}}},"sort":[{"date":{"order":"asc"}}]}'
  }
}

But when I start Logstash with this it does nothing and then terminates.

[2020-12-18T11:50:22,275][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max │
│ _inflight"=>125, "pipeline.sources"=>["/home/config/oi107-sdx.conf"], :thread=>"#<Thread:0x42c2d9bb@/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:54 run>"}                  │
│ [2020-12-18T11:50:23,173][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>0.9}                                                                          │
│ [2020-12-18T11:50:23,308][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}                                                                                              │
│ [2020-12-18T11:50:23,341][INFO ][logstash.agent           ] Pipelines running {:count=>2, :running_pipelines=>[:".monitoring-logstash", :main], :non_running_pipelines=>[]}                             │
│ [2020-12-18T11:50:23,733][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}                                                                                    │
│ [2020-12-18T11:50:24,674][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main"}                                                                                           │
│ [2020-12-18T11:50:25,000][INFO ][logstash.pipelinesregistry] Removed pipeline from registry successfully {:pipeline_id=>:main}                                                                          │
│ [2020-12-18T11:50:26,708][INFO ][logstash.javapipeline    ][.monitoring-logstash] Pipeline terminated {"pipeline.id"=>".monitoring-logstash"}                                                           │
│ [2020-12-18T11:50:27,104][INFO ][logstash.runner          ] Logstash shut down.

The thing is that if I run this exact query on kibana or even in a curl I do receive data so the query not returning anything is not the problem.

I also tried with other queries and it seems to work fine with match_all. The mapping of the field date is defined as {"type": "date"}

I'm using Logstash 7.10.1 trying to collect in Elasticsearch 7.4.2

Any ideas about this ?

Thanks in advance

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.