Elasticsearch input plugin: range query doesn't match any document

Mathias_Bazin · December 18, 2020, 12:04pm

Hello,

I'm having trouble collecting data periodically from an elasticsearch index. My input config is quite simple

input {
  elasticsearch {
    hosts => "${ELASTICSEARCH_URL_INPUT}"
    index => 'logcentral_pn'
    docinfo => true
    query => '{"query":{"range":{"date":{"gt":"now-5m/m","lte":"now/m"}}},"sort":[{"date":{"order":"asc"}}]}'
  }
}

But when I start Logstash with this it does nothing and then terminates.

[2020-12-18T11:50:22,275][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max │
│ _inflight"=>125, "pipeline.sources"=>["/home/config/oi107-sdx.conf"], :thread=>"#<Thread:0x42c2d9bb@/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:54 run>"}                  │
│ [2020-12-18T11:50:23,173][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>0.9}                                                                          │
│ [2020-12-18T11:50:23,308][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}                                                                                              │
│ [2020-12-18T11:50:23,341][INFO ][logstash.agent           ] Pipelines running {:count=>2, :running_pipelines=>[:".monitoring-logstash", :main], :non_running_pipelines=>[]}                             │
│ [2020-12-18T11:50:23,733][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}                                                                                    │
│ [2020-12-18T11:50:24,674][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main"}                                                                                           │
│ [2020-12-18T11:50:25,000][INFO ][logstash.pipelinesregistry] Removed pipeline from registry successfully {:pipeline_id=>:main}                                                                          │
│ [2020-12-18T11:50:26,708][INFO ][logstash.javapipeline    ][.monitoring-logstash] Pipeline terminated {"pipeline.id"=>".monitoring-logstash"}                                                           │
│ [2020-12-18T11:50:27,104][INFO ][logstash.runner          ] Logstash shut down.

The thing is that if I run this exact query on kibana or even in a curl I do receive data so the query not returning anything is not the problem.

I also tried with other queries and it seems to work fine with match_all. The mapping of the field date is defined as {"type": "date"}

I'm using Logstash 7.10.1 trying to collect in Elasticsearch 7.4.2

Any ideas about this ?

Thanks in advance

system · January 15, 2021, 12:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch input plugin not working Logstash	15	3018	June 5, 2017
Logstash "elasticsearch" input doesn't start Logstash	4	613	June 1, 2020
Query not executing in Elasticsearch input plugin for logstash Logstash	7	992	March 28, 2023
Range query blocks elasticsearch Elasticsearch	3	1247	September 19, 2017
Elasticsearch input plugin is not working Logstash	4	3274	April 2, 2018

Elasticsearch input plugin: range query doesn't match any document

Related Topics