Filter timestamp range on es5

procipher · June 14, 2017, 4:44am

Hello @all, I have this mapping:

"@timestamp" : {
   "type" : "date",
   "format" : "strict_date_optional_time||epoch_millis"
}

And this structure:

"@timestamp" :"2017-06-09T05:38:09+00:00"

Now, I want to filter based on time range with:

"range" : {
            "@timestamp" : {
                "gte" : "now-1d/d",
                "lt" :  "now/d"
            }
        },

But its not working.

When I go with:

"match" : {
            "@timestamp" :"2017-06-09T05:38:09+00:00",
            }

It gives positive result. Why the range query is not working? Is there any problem on es5?

spinscale · June 14, 2017, 7:38am

Hey

Have you tried now-1d and now for the ranges? As you havent mentioned what your query should query for, this is of course just a guess...

--Alex

procipher · June 14, 2017, 8:43am

I separated match and range to separate query to this:

response = client.search(
    body={
    "size": 0,
    "query": {
        "match": {"host": "example.com"},
    },
    "query": {
        "range" : {
        "@timestamp" : {
           "gte" : "now-5d",
           "lt" :  "now"
            }
        }        
    },          
    "aggs" : {
        "total_size" : { "sum" : { "field" : "size" } }
        }
    }
)

But I am getting different result for now-1d/d and now-1d. Its weird or I did sth wrong? Thanks.

PS: I got sth like this: "the /X operator will round back in time to the nearest start of that time period. So /d will round back to the start of the day". What does this mean in simple understandable way?

spinscale · June 16, 2017, 10:05am

Hey,

now-5d goes back from the current point in time (noon for me) to the noon 5 days ago.

now/d creates a date like 2017.12.31, rounding to a full day.

--Alex

system · July 14, 2017, 10:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.