Problem with function_score and bool query including range

I am trying to randomly pick documents from an index. This query successfully returns one document.

GET logstash-2017.09.10/_search
{
  "size": 1,
  "query": {
    "function_score": {
      "query": {
        "bool": {
          "must": [
            {
              "query_string": { "query": "filetype: iis AND env.keyword: PROD" }
            }
          ]
        }
      },
      "random_score": {}
    }
  }
}

However, if I add a range to narrow down the time, it starts returning zero documents.

GET logstash-2017.09.10/_search
{
  "size": 1,
  "query": {
    "function_score": {
      "query": {
        "bool": {
          "must": [
            {
              "query_string": { "query": "filetype: iis AND env.keyword: PROD" }
            },
            {
              "range" : {
                "timestamp" : {
                  "gt" : "2016-09-11 00:00:00",
                  "lt" : "2020-09-11 00:00:00"
                }
              }
            }
          ]
        }
      },
      "random_score": {}
    }
  }
}

I am expecting the bool/must to mean that documents must match both the query_string and the range. Is that not how it works? The range covers the entire time span of the index, so I expect it to be a no-op, but it actually stops the query working.

Arrghh. It should have been

              "range" : {
                "@timestamp" : {
                  "gt" : "2016-09-11T00:00:00",
                  "lt" : "2020-09-11T00:00:00"
                }
              }

What I originally had was copied from the documentation, which appears to me to be incorrect.
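
An added example, not part of the original posts and not Elasticsearch's own tooling: a pre-flight check that walks a query body and flags range clauses on fields missing from the index mapping, which is the mistake that made the second query above return nothing without raising an error. The mapping is constructed, and the separator check assumes that a date field with no custom `format` expects a `T` between date and time.

```python
import re

# Constructed mapping, shaped like the "properties" object from GET <index>/_mapping.
SAMPLE_PROPERTIES = {
    "@timestamp": {"type": "date"},
    "filetype": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
    "env": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
}
# Range clause from the failing query in the post.
FAILING = {"bool": {"must": [{"range": {"timestamp": {"gt": "2016-09-11 00:00:00", "lt": "2020-09-11 00:00:00"}}}]}}
# Assumption: with no custom "format", a date value needs "T" (not a space) before the time.
SPACE_SEPARATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d")

def mapped_fields(properties, prefix=""):
    """Flatten mapping properties into {field path: spec}, with multi-fields and sub-objects."""
    out = {}
    for name, spec in properties.items():
        path = prefix + name
        if "type" in spec:
            out[path] = spec
        for sub, subspec in spec.get("fields", {}).items():
            out[f"{path}.{sub}"] = subspec
        out.update(mapped_fields(spec.get("properties", {}), path + "."))
    return out

def range_clauses(node):
    """Yield (field, bounds) for every range clause anywhere in a query body."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "range" and isinstance(value, dict):
                yield from value.items()
            else:
                yield from range_clauses(value)
    elif isinstance(node, list):
        for item in node:
            yield from range_clauses(item)

def check_ranges(query, properties):
    """Return problems that would make a range clause match nothing or fail to parse."""
    fields, problems = mapped_fields(properties), []
    for field, bounds in range_clauses(query):
        spec = fields.get(field)
        if spec is None:
            problems.append(f"{field}: not in mapping, range matches no documents")
        elif spec["type"] == "date" and "format" not in spec and "format" not in bounds:
            for op in ("gt", "gte", "lt", "lte"):
                if SPACE_SEPARATED.match(str(bounds.get(op, ""))):
                    problems.append(f"{field}.{op}: space instead of 'T' in {bounds[op]!r}")
    return problems
```

Calling `check_ranges(FAILING, SAMPLE_PROPERTIES)` reports the unmapped `timestamp` field; the corrected clause with `@timestamp` and `T`-separated values returns an empty list.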
