Hi,
Using ES 5.x.
Would appreciate some assistance with a filtered query, please.
I need to query my data using the "exists" filter to retrieve all documents where a specified field exists but I need it to be filtered by the last three days. Here is what I have:
{
  "filter": {
    "bool": {
      "must": [
        {
          "exists": {
            "field": "exceptioncapture"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gt": "now",
              "lt": "now-3d"
            }
          }
        }
      ]
    }
  }
}
I am getting back:
{
  "took": 260,
  "timed_out": false,
  "_shards": {
    "total": 55,
    "successful": 55,
    "failed": 0
  },
  "hits": {
    "total": 0,
    "max_score": null,
    "hits": []
  }
}
But no actual documents. I know the documents are there as running a query like:
{
  "_source": ["exceptioncapture", "message", "@timestamp"],
  "filter": {
    "exists": {
      "field": "exceptioncapture"
    }
  },
  "size": 10,
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}
Actually returns documents.
Would really appreciate any help with how to accomplish this seemingly simple query.
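
Added example, not part of the original post: a small Python check that resolves the date-math bounds of every `range` clause in a query body and reports clauses that cannot match any timestamp, run on the bounds posted above and on a constructed three-day window. `resolve`, `empty_ranges` and the sample constants are hypothetical names, and only `now` with an optional `+`/`-` offset in s, m, h, d or w is handled.

```python
import re
from datetime import datetime, timedelta, timezone

# Subset of Elasticsearch date math handled here: "now" with an optional +/-N<unit>.
UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days", "w": "weeks"}
DATE_MATH = re.compile(r"^now(?:([+-])(\d+)([smhdw]))?$")

def resolve(expr, now):
    """Turn 'now', 'now-3d' or 'now+1h' into a concrete datetime."""
    m = DATE_MATH.match(str(expr))
    if not m:
        raise ValueError(f"unsupported date math: {expr!r}")
    sign, amount, unit = m.groups()
    if sign is None:
        return now
    delta = timedelta(**{UNITS[unit]: int(amount)})
    return now + delta if sign == "+" else now - delta

def empty_ranges(node, now, path="$"):
    """Return (path, field) for each range clause whose bounds admit no value."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "range" and isinstance(value, dict):
                for field, b in value.items():
                    lo_key = next((k for k in ("gt", "gte") if k in b), None)
                    hi_key = next((k for k in ("lt", "lte") if k in b), None)
                    if lo_key and hi_key:
                        lo, hi = resolve(b[lo_key], now), resolve(b[hi_key], now)
                        closed = lo_key == "gte" and hi_key == "lte"
                        # Empty when the lower bound is past the upper bound,
                        # or equal to it with at least one exclusive side.
                        if lo > hi or (lo == hi and not closed):
                            found.append((f"{path}.range", field))
            else:
                found.extend(empty_ranges(value, now, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            found.extend(empty_ranges(item, now, f"{path}[{i}]"))
    return found

NOW = datetime(2017, 1, 1, tzinfo=timezone.utc)  # constructed reference time
EXISTS = {"exists": {"field": "exceptioncapture"}}
# Bounds as posted: newer than now AND older than three days ago.
POSTED = {"filter": {"bool": {"must": [EXISTS, {"range": {"@timestamp": {"gt": "now", "lt": "now-3d"}}}]}}}
# Constructed comparison: a window running from three days ago up to now.
WINDOW = {"filter": {"bool": {"must": [EXISTS, {"range": {"@timestamp": {"gte": "now-3d", "lte": "now"}}}]}}}

if __name__ == "__main__":
    print(empty_ranges(POSTED, NOW))
    print(empty_ranges(WINDOW, NOW))
```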