Query help request

Kryten · April 14, 2017, 3:31pm

Hi,

Using ES 5.x ..

Would appreciate some assistance with a filtered query, please.

I need to query my data using the "exists" filter to retrieve all documents where a specified field exists but I need it to be filtered by the last three days. Here is what I have:

{
      "filter": {
        "bool": {
          "must": [
            {
              "exists": {
                "field": "exceptioncapture"
              }
            },
            {
              "range": {
                "@timestamp": {
                  "gt": "now",
                  "lt": "now-3d"
    			}
              }
            }
          ]
        }
      }
    }

I am getting back:

{
	"took": 260,
	"timed_out": false,
	"_shards": {
		"total": 55,
		"successful": 55,
		"failed": 0
	},
	"hits": {
		"total": 0,
		"max_score": null,
		"hits": []
	}
}

But no actual documents. I know the documents are there as running a query like:

{
	"_source":["exceptioncapture","message","@timestamp"],
    "filter": {
        "exists": {
         "field": "exceptioncapture"
         }
    },
    "size": 10,
    "sort": [
    {
        "@timestamp": {
        "order": "desc"
        }
    }
    ]
}

Actually returns documents.

Would really appreciate any help with how to accomplish this seemingly simple query.

s1monw · April 21, 2017, 7:43am

I think you need to swap gt and lt ...

system · May 19, 2017, 7:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Exists syntax placement with change Elasticsearch	1	723	August 22, 2017
Exists query? Elasticsearch	5	358	July 6, 2017
Exists query Elasticsearch	2	311	July 6, 2017
Query filter not working in ES 5.3 Elasticsearch	2	387	August 17, 2018
Exists filter broken on 1.5.0 with restored index? Elasticsearch	6	474	July 6, 2017

Query help request

Related Topics