Hi all,
trying to understand how to perform search within specific timelines, I guess it's range querying but in this case the 'timestamps' are within my indexed field. I tried some queries like "range" : { "ts" : { "gte" : "sometime", "lt" : "sometime" } } and .setQuery(QueryBuilders.rangeQuery("ts").from("sometime").to(sometime")) but got no hits returned. It seems the dates are not understandable by search client.
I read about mappings formats(date) but it seems it concerns only Types. What to do with the fields I get parsed from Logstash?
Below is the screenshot from Elastic HQ, I need to select by specific time-frame from Ts field. I would appreciate any help or thoughts.
What is the ts field mapped as?
String
The type of the Lucene query depends on the field type, for string fields, the TermRangeQuery, while for number/date fields, the query is a NumericRangeQuery.
So start there, or map the field correctly.