Query string with range

X_Calibur · May 9, 2017, 2:15pm

I'm having difficulties getting the this one right.
What did I miss?

{
"query": {
"query_string" : {
"analyze_wildcard": true,
"query" : "failed to add key to cache"
},
"range": {
"@timestamp": {
"gte": "now-900s"
}
}
}
}

lwintergerst · May 9, 2017, 2:33pm

If you want to combine multiple queries - in this case the range and the query string - you will have to wrap them in a bool query. This is how the correct query will look like:

{
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "analyze_wildcard": true,
            "query": "failed to add key to cache"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "now-500d"
            }
          }
        }
      ]
    }
  }
}

X_Calibur · May 9, 2017, 2:44pm

This does not quite seem to cut it though.

I was looking to find the EXACT term "failed to add key to cache".

This however is looking for any of the words in it.

X_Calibur · May 9, 2017, 2:52pm

found it!

"failed to add key to cache"
should be
""failed to add key to cache""

thanks!

system · June 6, 2017, 3:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combining query string query with range query Elasticsearch	1	880	July 5, 2017
Error when combining queries using bool Elasticsearch	3	2066	March 21, 2018
Combining bool and range queries Elasticsearch	2	34917	May 16, 2017
I cant join a query string and query range Kibana	3	286	October 17, 2019
Combining simple_query_string with range and fuzziness Elasticsearch	3	2299	July 6, 2017

Query string with range

Related topics