I'm trying to run a simple query for messages that have a specific key using Python, but also limit the results between two timestamps. I managed to query for the existing key using the following:
    import sys
    from getpass import getpass
    from elasticsearch import Elasticsearch
    from elasticsearch_dsl import Q, Search

    client = Elasticsearch(
        'https://elapi-rc.ipsw.dt.ept.lu',
        http_auth=('malbert', getpass()))

    field_query = Q('query_string', query='_exists_:ept.runtime_seconds')
    s = Search(using=client, index="oss-*")
    s = s.query(field_query)
    s = s[0:10]
    result = s.execute()  # run the search and collect the first 10 hits
    for hit in result:
        print(hit)
But now I can't seem to find any solution to also query for the @timestamp field.
Here is one of my attempts:
    [...]
    time_query = Q('range', timestamp={
        'gte': '2018-01-01 00:00:00',
        'lt': 'now'
    })
    field_query = Q('query_string', query='_exists_:ept.runtime_seconds')
    s = Search(using=client, index="oss-*")
    s = s.query(field_query)
    s = s.query(time_query)
    [...]
But that does return an empty set, so I guess the timestamp filter is not quite right. I am sure that I have entries in that time range!

    s = s.filter('range', timestamp={'gte': '2018-01-01 00:00:00', 'lt': 'now'})
without any luck (also returns an empty set).
I am a bit confused by other posts. I've seen a post mentioning that @timestamp would be a valid identifier, but that's not the case. Code like the following is a syntax error in Python:

    time_query = Q('range', @timestamp={  # <-- syntax error
        'gte': '2018-01-01 00:00:00',
        'lt': 'now'
    })
I can see in Kibana that the timestamp field is indeed named @timestamp, so I am not sure if my query above simply uses the wrong field.

So how do I specify that it should look into @timestamp?