Elasticsearch search is not working

This search returns the correct document in Kibana.

```
date:"18-01-29" AND time:"00:59:58,809" AND EventType:"ERROR"
```

How do I search for the same document in Elasticsearch?

I get an error with this search.

```
curl -XGET 'ip:9200/index_name/_search?pretty' -H 'Content-Type: application/json' -d'
{
    "query": {
        "query_string": {
            "query": "(date:18-01-29) AND (EventType:ERROR) AND (time:00\:59\:58,809)"
        }
    }
}
'
```

```
"reason" : "Unrecognized character escape ':' (code 58)\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@3124698d; line: 5, column: 75]"
```

This search does not return the correct document in Elasticsearch.

```
curl -XGET 'ip:9200/index_name/_search?pretty' -H 'Content-Type: application/json' -d'
{
  "query": {
    "bool": {
      "must": [
        { "match": { "date": "18-01-29" }},
        { "match": { "time": "00:59:58,809"  }},
        { "match": { "EventType": "ERROR"  }}
      ]
    }
  }
}
'
```

Please format your code using the `</>` icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

Please edit your post.

I cannot reproduce your issue. The query is good on my end. I'd say that you have a bad character somewhere.
I tried it in Kibana Console.

How about this?

```
curl -XGET 'ip:9200/index_name/_search?pretty' -H 'Content-Type: application/json' -d'
{
  "query": {
    "query_string": {
      "query": "(date:18-01-29) AND (EventType:ERROR) AND (time:\"00:59:58,809\")"
    }
  }
}
'
```

Or

```
curl -XGET "http://ip:9200/index_name/_search?pretty" -H 'Content-Type: application/json' -d'
{
  "query": {
    "query_string": {
      "query": "(date:18-01-29) AND (EventType:ERROR) AND (time:00\\:59\\:58,809)"
    }
  }
}'
```

See Reserved Character: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_reserved_characters

I'm not sure why your 2nd query doesn't work, need more example data...
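Added example, not written by anyone in this thread: it shows the two escaping layers behind the error above. The request body is parsed as JSON first, so a single `\:` is rejected before the query_string parser runs, while `\\:` decodes to the `\:` that parser expects. The function names are hypothetical; the field names and values are the ones from the question.

```python
import json

# Reserved characters from the query_string documentation linked above.
RESERVED = set('+-=&|!(){}[]^"~*?:\\/')

def escape_term(value):
    """Backslash-escape reserved characters in one query_string term."""
    out = []
    for ch in value:
        if ch in "<>":          # the docs say these cannot be escaped at all
            continue
        if ch in RESERVED:
            out.append("\\")
        out.append(ch)
    return "".join(out)

def build_body(fields):
    """Build the _search body; json.dumps adds the JSON-level escaping."""
    clauses = ["(%s:%s)" % (name, escape_term(val)) for name, val in fields.items()]
    return json.dumps({"query": {"query_string": {"query": " AND ".join(clauses)}}})

def decoded_query(body):
    """Return the query string Elasticsearch sees after JSON parsing, or None
    if the body is not valid JSON."""
    try:
        return json.loads(body)["query"]["query_string"]["query"]
    except json.JSONDecodeError:
        return None

# Constructed bodies reduced to the time clause from the thread.
SINGLE = r'{"query": {"query_string": {"query": "(time:00\:59\:58,809)"}}}'
DOUBLE = r'{"query": {"query_string": {"query": "(time:00\\:59\\:58,809)"}}}'

if __name__ == "__main__":
    print(decoded_query(SINGLE))   # invalid JSON escape, as in the error above
    print(decoded_query(DOUBLE))   # what the query_string parser receives
    body = build_body({"date": "18-01-29", "EventType": "ERROR", "time": "00:59:58,809"})
    print(body)
    print(decoded_query(body))
```

Building the body with a JSON serializer instead of pasting it into a shell string also keeps user-supplied values from adding operators or clauses to the query.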
