Ranges with one side?

aabababba · December 20, 2018, 10:49am

GET filebeat-*/_search
{
  "query": {
      "bool": {
        "must": [
        {
           "query_string": {
            "analyze_wildcard": true,
             "query": "message:>1000,
             "fuzzy_max_expansions": 50
         }
       
           },
       {
                  "range": {
                    "@timestamp": {
                      "gte": "now-5m",
                      "lte": "now",
                      "format": "epoch_millis"
                    }
                  }
                }
       ]
     }
   }
}

I want bigger than 1000,but reslut 500 is out too.

Marius_Dragomir · December 20, 2018, 1:33pm

I don't understand what you want here. You want to query where message is >1000 or you want more than 500 results?

aabababba · December 21, 2018, 1:46am

I want to query where message is >1000

aabababba · December 24, 2018, 2:18am

sorry, I want to query where message is >1000. but now the result 500 is query out too...

aabababba · December 24, 2018, 6:02am

thanks you for you reply,I get it, this string type,not number。。。

Marius_Dragomir · December 24, 2018, 8:32am

If you don't want to ingest the data again, you could use a scripted field to convert the data from the message field.

aabababba · December 24, 2018, 9:19am

OK,thanks you!

system · January 21, 2019, 9:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.