I'm trying to make a query that will search based on a regular expression, then filter out the results based on a timestamp eventTimeStamp
Here is the link to the query I was trying to execute
and the error that resulted from it
I haven't been able to find anything about this elsewhere, which leads me to believe that what I'm trying to do is not possible.
Any help is appreciated.
You have an error in the syntax.
You cannot have regex and range queries on the same level.
You need to combine them with a bool query for example :
GET firehose-raw/_search
{
"query": {
"bool": {
"filter": {
"range": {
"eventTimeStamp": {
"lte": "2018-05-10T05:05:05.005"
}
}
},
"should": [
{
"regexp": {
"rawlog.keyword": ".*unresponsive target=/.*"
}
}
]
}
}
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.