QueryString to search String with colon

Elastic Stack Elasticsearch
1

i am trying to achieve below condition

loginId = "z2store" and type = "web" and dateTime = "12:17:08"

below query i have written

GET /sample/_search
{
  "bool" : {
    "must" : [
      {
        "term" : {
          "orgId" : {
            "value" : "z2store",
            "boost" : 1.0
          }
        }
      },
      {
        "term" : {
          "type" : {
            "value" : "web",
            "boost" : 1.0
          }
        }
      },
      {
        "query_string" : {
          "query" : "12:17:08",
          "default_field" : "dateTime",
          "fields" : [ ],
          "type" : "best_fields",
          "default_operator" : "or",
          "max_determinized_states" : 10000,
          "enable_position_increments" : true,
          "fuzziness" : "AUTO",
          "fuzzy_prefix_length" : 0,
          "fuzzy_max_expansions" : 50,
          "phrase_slop" : 0,
          "escape" : false,
          "auto_generate_synonyms_phrase_query" : true,
          "fuzzy_transpositions" : true,
          "boost" : 1.0
        }
      }
    ],
    "adjust_pure_negative" : true,
    "boost" : 1.0
  }
}

below is my java code

BoolQueryBuilder boolQuery = new BoolQueryBuilder().must(QueryBuilders.termQuery("orgId", orgId))
                        .must(QueryBuilders.termQuery("type", "web"));
QueryStringQueryBuilder builder = new QueryStringQueryBuilder("12:17:08");
                        builder.defaultField("dateTime").queryString();
                        boolQuery.must(builder);
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder().query(builder)
                        .from((batchNumber - 1) * batchSize).size(batchSize)
                        .sort("@timestamp", SortOrder.DESC);

Above query is not working. Any help will be appreciated. I am using elasticSearch 7.4.

2

Hi Gyana.
See https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_reserved_characters

3

rewrite below query

{
           "query_string" : {
             "query" : "12\\:\\17\\:\\08",
             "default_field" : "dateTime",
             "fields" : [ ],
             "type" : "best_fields",
             "default_operator" : "or",
             "max_determinized_states" : 10000,
             "enable_position_increments" : true,
             "fuzziness" : "AUTO",
             "fuzzy_prefix_length" : 0,
             "fuzzy_max_expansions" : 50,
             "phrase_slop" : 0,
             "escape" : false,
             "auto_generate_synonyms_phrase_query" : true,
             "fuzzy_transpositions" : true,
             "boost" : 1.0
           }
         }

still getting error. Could you help me to write this.

4

Can you supply

  1. The error
  2. The document you expect to match
  3. The mapping.

Thanks

5

Hi Mark,
i would able to apply the setting to fix this issue. Thanks for the reply.