Hello,
I'm attempting to extract the number of status 500 errors from an
ElasticSearch server over a range of time and I believe that the data is
incorrect or too high and believe that the query may be incorrect. (I'm
using a search query from logstash and dumping it straight into a ruby
script.)
# elastic.rb
require 'elasticsearch'

client = Elasticsearch::Client.new hosts: [{host: '10.10.10.10', port: 9200}]

# current_time is the current time in epoch and last_time is
# current_time - 7200 (2 hours), as described in the post.
current_time = Time.now.to_i
last_time = current_time - 7200

# Date histogram facet (15-minute buckets) over IIS status 500 entries
# within the time range.
value = client.search index: '2015.04.28',
  body: {
    "facets" => {
      "0" => {
        "date_histogram" => {
          "field" => "@timestamp",
          "interval" => "15m"
        },
        "global" => true,
        "facet_filter" => {
          "fquery" => {
            "query" => {
              "filtered" => {
                "query" => {
                  "query_string" => {
                    "query" => "type:iis6 AND status:500"
                  }
                },
                "filter" => {
                  "bool" => {
                    "must" => [
                      {
                        "range" => {
                          "@timestamp" => {
                            "from" => "#{last_time}",
                            "to" => "#{current_time}"
                          }
                        }
                      }
                    ]
                  }
                }
              }
            }
          }
        }
      }
    },
    "size" => 0
  }

# Total hit count reported for the search
values = value["hits"]["total"]
I'm getting a very high value (over 340,000) when I should be getting a
value of say 272 errors over a 2 hour period.
Can you please tell me what I'm doing wrong?
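Added example (not part of the original post): in the request above the filter sits only inside the facet's facet_filter and the body has no top-level query, so hits.total counts every document in the index, while the filtered counts are returned in the facet's entries. The Ruby below uses a constructed response in the Elasticsearch 1.x facet response shape and the hypothetical helpers facet_total and filtered_count_body to show both ways of getting the filtered number.

```ruby
# Added example with constructed data; runs without an Elasticsearch server.
# facet_total and filtered_count_body are hypothetical helper names.

# Sum the per-bucket counts of a date_histogram facet in a search response.
def facet_total(response, facet_name)
  entries = response.fetch("facets").fetch(facet_name).fetch("entries")
  entries.inject(0) { |sum, entry| sum + entry.fetch("count") }
end

# Build a body whose top-level query carries the filter ("filtered" query,
# the same ES 1.x syntax the post uses), so hits.total is the filtered count.
def filtered_count_body(query_string, from, to)
  {
    "query" => {
      "filtered" => {
        "query"  => { "query_string" => { "query" => query_string } },
        "filter" => { "range" => { "@timestamp" => { "from" => from, "to" => to } } }
      }
    },
    "size" => 0
  }
end

# Constructed response: eight 15-minute buckets (times in epoch milliseconds)
# and a hits.total that reflects the whole index, not the facet_filter.
BUCKET_COUNTS = [30, 41, 28, 35, 39, 33, 36, 30]
SAMPLE_ENTRIES = BUCKET_COUNTS.each_with_index.map do |count, i|
  { "time" => 1_430_208_000_000 + i * 900_000, "count" => count }
end
SAMPLE_RESPONSE = {
  "hits"   => { "total" => 340_112, "hits" => [] },
  "facets" => { "0" => { "_type" => "date_histogram", "entries" => SAMPLE_ENTRIES } }
}

if __FILE__ == $PROGRAM_NAME
  puts "hits.total:  #{SAMPLE_RESPONSE['hits']['total']}"
  puts "facet total: #{facet_total(SAMPLE_RESPONSE, '0')}"
end
```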