I cant join a query string and query range

andres_fever · September 18, 2019, 1:43am

I have the following query in dev tools in Kibana that works well for me, without determining a search time.

GET /example*/_count
{
  "query": {
    "query_string": {
      "query" : "(API002) AND (operation)"
                }
       }
}

Now I want to make this query within a specific time but I could not. I try this and with some modifications but it doesn't work for me.

GET /example*/_count
{
  "query": {
    "query_string": {
      "query" : "(API002) AND (operation)"
           },
              "range" : {
                "gte": "2019-09-16 00:00:00", 
                "lte": "now", 
                "time_zone": "+01:00"
                        }
          }
}

wangqinghuan · September 18, 2019, 3:17am

You can use bool query to combine mulitple query clause:

 GET /example*/_count
  {
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "(API002) AND (operation)"
          }
        },
        {
          "range": {
            "gte": "2019-09-16 00:00:00",
            "lte": "now",
            "time_zone": "+01:00"
          }
        }
      ]
    }
  }
}

andres_fever · September 19, 2019, 12:09pm

Hello, thanks for your help.
I used @timestamp.

GET /example*/_count
  {
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "(API002) AND (operation)"
          }
        },
        {
          "range": {
            "@timestamp" : {
                "gte" : "now-5760m",
                "lte" :  "now",
                "time_zone": "-05:00"
          }
          }
        }
      ]
    }
  }
}

Best regards.

system · October 17, 2019, 12:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.