How to fix this date range

pk.241011 · July 29, 2020, 1:52pm

Hi,

Here is sample code from the documentation:

GET /_search
{
  "query": {
    "range": {
      "timestamp": {
        "gte": "now-1d/d",
        "lt": "now/d"
      }
    }
  }
}

I want to change it so that now only uses the date part and not the time.
My usecase is to get previous day data for 24 hours e.g Between 00:00:00 and 23:59:59.
In other words the range should be [28-07-2020 to 29-07-2020].

Is there any extension on now like now.Date?

I was looking at painless script but not sure how to implement a functionality similar to range.

This answer is very close but I am not able to find how to find current date only without time.

Bernt_Rostad · July 29, 2020, 2:34pm

I believe you can solve your case by supplying a format in the range query.

pk.241011 · July 29, 2020, 3:30pm

I am not sure if I am getting right results.

GET testindex/_search
{
  "_source": [
    "@timestamp"
  ],
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-1d/d",
        "lt": "now",
        "format": "yyyy-MM-dd"
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ],
  "script_fields": {
    "currentdate": {
      "script": {
        "lang":   "painless",
        "inline": "def date = new Date();return date;"
      }
    }
  }
}

Sample result:

  {
	"_index" : "testindex",
	"_type" : "logevent",
	"_id" : "YwY78iu6thrnhsrwZ",
	"_score" : null,
	"_source" : {
	  "@timestamp" : "2020-07-30T01:17:49.1361052+10:00"
	},
	"fields" : {
	  "currentdate" : [
		"2020-07-29T15:17:50.524Z"
	  ]
	},
	"sort" : [
	  1596045645136
	]
  },

It should have returned events with date less than 29th. I think I am getting a bit crazy with all this UTC and local offset.

Bernt_Rostad · July 29, 2020, 3:42pm

Yes, this seems to be an UTC issue since 2020-07-30T01:17:49 +10:00 is the same as 2020-07-29T15:16:49 UTC - which is within the date range you wanted. So you'll need to handle that as well.

I haven't faced this issue myself, but perhaps you could try the time_zone parameter mentioned in the date range documentation? Quoting:

time_zone

(Optional, string) Coordinated Universal Time (UTC) offset or IANA time zone used to convert date values in the query to UTC.

system · August 26, 2020, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.