I'm trying to make a query that will search based on a regular expression, then filter out the results based on a timestamp, eventTimeStamp.
Here is the link to the query I was trying to execute and the error that resulted from it.
I haven't been able to find anything about this elsewhere, which leads me to believe that what I'm trying to do is not possible.
Any help is appreciated.
klof
(Karl Lof)
July 10, 2018, 11:43am
2
You have an error in the syntax.
You cannot have regex and range queries on the same level.
You need to combine them with a bool query, for example:
GET firehose-raw/_search
{
  "query": {
    "bool": {
      "filter": {
        "range": {
          "eventTimeStamp": {
            "lte": "2018-05-10T05:05:05.005"
          }
        }
      },
      "should": [
        {
          "regexp": {
            "rawlog.keyword": ".*unresponsive target=/.*"
          }
        }
      ],
      "minimum_should_match": 1
    }
  }
}
1 Like
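A small Python model of how a bool query combines these clauses, added here as an example and not part of the original posts. It shows that when a `filter` clause is present the `should` clause is optional unless `minimum_should_match` is set, and that a `regexp` pattern must match the whole keyword term. The sample documents and helper names are constructed, and the evaluator only approximates Elasticsearch matching (no scoring).

```python
import re
from datetime import datetime

# Constructed sample documents, not data from the thread.
DOCS = [
    {"id": 1, "eventTimeStamp": "2018-05-09T10:00:00.000", "rawlog": "a1 unresponsive target=/health"},
    {"id": 2, "eventTimeStamp": "2018-05-09T11:00:00.000", "rawlog": "a1 login ok"},
    {"id": 3, "eventTimeStamp": "2018-05-11T09:00:00.000", "rawlog": "b2 unresponsive target=/api"},
]

def clause_matches(clause, doc):
    """Evaluate one leaf clause (range/lte or regexp) against a document."""
    (kind, body), = clause.items()
    (field, spec), = body.items()
    value = doc[field.split(".")[0]]  # "rawlog.keyword" reads the rawlog value
    if kind == "range":
        return datetime.fromisoformat(value) <= datetime.fromisoformat(spec["lte"])
    if kind == "regexp":
        # Lucene regexp is anchored: the pattern must match the whole term.
        return re.fullmatch(spec, value) is not None
    raise ValueError(f"unsupported clause: {kind}")

def as_list(x):
    return x if isinstance(x, list) else [x]

def search(query, docs):
    """Return ids of documents matching a bool query (scoring is ignored)."""
    b = query["query"]["bool"]
    required = as_list(b.get("must", [])) + as_list(b.get("filter", []))
    should = as_list(b.get("should", []))
    # With must/filter present, should clauses are optional by default.
    default_msm = 0 if required else min(1, len(should))
    msm = b.get("minimum_should_match", default_msm)
    return [d["id"] for d in docs
            if all(clause_matches(c, d) for c in required)
            and sum(clause_matches(c, d) for c in should) >= msm]

def build_query(pattern, msm=None):
    """Build the bool query from the answer; msm sets minimum_should_match."""
    b = {"filter": {"range": {"eventTimeStamp": {"lte": "2018-05-10T05:05:05.005"}}},
         "should": [{"regexp": {"rawlog.keyword": pattern}}]}
    if msm is not None:
        b["minimum_should_match"] = msm
    return {"query": {"bool": b}}

if __name__ == "__main__":
    pat = ".*unresponsive target=/.*"
    print(search(build_query(pat), DOCS))     # should clause optional
    print(search(build_query(pat, 1), DOCS))  # regexp match required
    print(search(build_query("unresponsive target=/.*", 1), DOCS))  # no leading .*
```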