Elasticsearch - query with 2 conditions

Rohlik · June 23, 2020, 2:07pm

Hi there,
I want get result from Elasticsearch of specific fields (and their values) which match 2 criteria - date and string match. But I something doing wrong, because I receiving this error:

[match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]
My query:

    GET monitoring/_search
        {
          "_source": [
            "AmountCurr",
            "AmountRaw"
          ],
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "LogType": "OK"
                  },
                  "range": {
                    "@timestamp": {
                      "gt": "now-1d/d",
                      "lt": "now/d"
                    }
                  }
                }
              ]
            }
          }
        }

What I did wrong?
PS: I took inspiration from elasticsearch - How to have Range and Match query in one elastic search query using python? - Stack Overflow

Thank you.

dadoonet · June 23, 2020, 2:53pm

Did not test it but I guess this should work:

    GET monitoring/_search
    {
      "_source": [
        "AmountCurr",
        "AmountRaw"
      ],
      "query": {
        "bool": {
          "must": [
            {
              "match": {
                "LogType": "OK"
              }},{
              "range": {
                "@timestamp": {
                  "gt": "now-1d/d",
                  "lt": "now/d"
                }
              }
            }
          ]
        }
      }
    }

Rohlik · June 24, 2020, 2:46pm

Thank you @dadoonet. Now I can run query without error, but it seems that range filter is wrong because I received 0 hints. But I am absolutely sure that data in Elasticsearch exists.

When I change range part to this, then it is working:

"range": {
            "@timestamp": {
              "gt": "now-15m"
            }
          }
        }

My timestamp field in document looks like:
"@timestamp": "2020-06-24T14:45:07.004Z"

Where is problem?

Rohlik · June 26, 2020, 1:15pm

I finally found my problem.
I must replace gt with gte in my query.
Thank you for your time.

system · July 24, 2020, 1:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch Malformed Query, Expected [END_OBJECT] but found [Field_Name] Elasticsearch	3	1435	April 28, 2023
Boolean query with two conditions on a field Elasticsearch	14	3583	April 21, 2020
Elasticsearch query time range issue Elasticsearch	51	5379	May 6, 2021
Filtering by date and time as different fields Elasticsearch	10	11971	July 5, 2017
Filtering by date range or by field value Elasticsearch	2	20311	June 9, 2017

Elasticsearch - query with 2 conditions

Related Topics