Elasticsearch search is not working

databeata · February 1, 2018, 12:53am

This search returns the correct document in kibana.

date:"18-01-29" AND time:"00:59:58,809" AND EventType:"ERROR"

How do I search the same document in elasticsearch?

I get an error with this search.

curl -XGET 'ip:9200/index_name/_search?pretty' -H 'Content-Type: application/json' -d'
{
    "query": {
        "query_string": {
            "query": "(date:18-01-29) AND (EventType:ERROR) AND (time:00\:59\:58,809)"
        }
    }
}
'

"reason" : "Unrecognized character escape ':' (code 58)\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@3124698d; line: 5, column: 75]"

This search does not return the correct document in elasticsearch.

curl -XGET 'ip:9200/index_name/_search?pretty' -H 'Content-Type: application/json' -d'
{
  "query": {
    "bool": {
      "must": [
        { "match": { "date": "18-01-29" }},
        { "match": { "time": "00:59:58,809"  }},
        { "match": { "EventType": "ERROR"  }}
      ]
    }
  }
}
'

dadoonet · February 1, 2018, 7:26am

Please format your code using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

Please edit your post.

dadoonet · February 1, 2018, 7:27am

I can not reproduce your issue. The query is good on my end. I'd say that you have somewhere a bad character.
I tried it in Kibana Console.

johtani · February 1, 2018, 8:51am

How about this?

curl -XGET 'ip:9200/index_name/_search?pretty' -H 'Content-Type: application/json' -d'
{
"query": {
"query_string": {
"query": "(date:18-01-29) AND (EventType:ERROR) AND (time:\"00:59:58,809\")"
}
}
}
'

Or

curl -XGET "http://ip:9200/index_name/_search?pretty" -H 'Content-Type: application/json' -d'
{
  "query": {
    "query_string": {
      "query": "(date:18-01-29) AND (EventType:ERROR) AND (time:00\\:59\\:58,809)"
      }
    }
}'

See Reserved Character: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_reserved_characters

I'm not sure why your 2nd query doesn't work, need more example data...

system · March 1, 2018, 8:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date Not Recognized Kibana	12	552	September 3, 2019
cURL - Could not get simple GET to work Elasticsearch	5	4266	May 3, 2018
ES timestamp index not working while creating index Elasticsearch	4	1969	June 29, 2018
Date Format error Elasticsearch	3	719	July 5, 2017
How to search Kibana for abc="def" in message string Kibana	3	293	January 13, 2021

Elasticsearch search is not working

Related Topics