How could I append time stamp range within my elasticsearch query?

Kulasangar_Gowrisang · September 30, 2016, 10:19am

I'm trying perform an elasticsearch query as a POST request in order pull data from the index which I created. The data which is in the index is, a table from MySQL DB, configured though logstash.

Here is my request and the JSON body:

http://localhost:9200/response_summary/_search

Body:

{
   "query": {
       "query_string": {
           "query": "transactionoperationstatus:\"charged\" AND api:\"payment\" AND operatorid:\"XL\" AND userid:*test AND time:\"2015-05-27*\" AND responsecode:(200+201)"
       }
   },
    "aggs": {
      "total": {
          "terms": {
              "field": "userid"
          },
   "aggs": {
      "total": {
          "sum": {
              "script": "Double.parseDouble(doc['chargeamount'].value)"
          }
        }
    }
  }
 }
}

In the above JSON body, I'm in need to append the timestamp into the query_string in order get the data from the index within a date range. I tried adding at the end of the query as:

AND timestamp:[2015-05-27T00:00:00.128Z+TO+2015-05-27T23:59:59.128Z]"

Where am I going wrong? Any help would be appreciated.

nik9000 · October 1, 2016, 1:52pm

Generally I avoid query string because it is fairly brittle - if the query_string is coming from a user that you trust and you just want to add an extra condition then the right thing to do is to wrap the query_string in a bool query and add both the query_string and a range query as must clauses to the bool query.

Topic		Replies	Views
Adding time in a query? Kibana	6	11820	July 6, 2017
Timestamps in Range Query Elasticsearch	2	2039	August 28, 2017
Indexing and range querying with _timestamp (is there an example?) Elasticsearch	5	401	July 6, 2017
Date query Elasticsearch	3	382	July 6, 2017
Bool query with must on query_string (with date) and range does not work Elasticsearch	1	1639	October 31, 2019

How could I append time stamp range within my elasticsearch query?

Related topics