Search query not returning result data

I tried to fetch data via search query api through postman
/_search

if I search through without filter

{
  "query": {
    "match": {
      "message": {
        "query": "matching_data"
      }
    }
  }
}

I'm getting data result in this query

but below query format and filter I'm not getting data

{
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "message": {
                "query": "matching_data"
             }
          }
        },
        {
          "range": {
            "startTime": {
              "from": "2020-01-01",
              "to": "2022-10-20"
            }
          }
        }
      ]
    }
  }
}

response

{
    "took": 17,
    "timed_out": false,
    "_shards": {
        "total": 381,
        "successful": 381,
        "skipped": 0,
        "failed": 0
    },
    "hits": {
        "total": {
            "value": 0,
            "relation": "eq"
        },
        "max_score": null,
        "hits": []
    }
}

Which version of Elasticsearch are you using?

What is the mapping for the fields used in the queries?

Can you provide an example document that you expect to find?

Elasticsearch version : 7.15.2

mapping => "message" : "any string"

I want number of count of string match in the give time range

That is not the mapping. Use the get mapping API to get the index mappings.

Please show a sample JSON document you expect the query to find.

Mapping

{
  "logs-2022.05.19" : {
    "mappings" : {
      "properties" : {
        "@timestamp" : {
          "type" : "date"
        },
        "@version" : {
          "type" : "keyword"
        },
        "appname" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "asctime" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "environment" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "exc_info" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "exc_text" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "fields" : {
          "dynamic" : "true",
          "properties" : {
            "appname" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 256
                }
              }
            },
            "host" : {
              "properties" : {
                "ip" : {
                  "type" : "text",
                  "fields" : {
                    "keyword" : {
                      "type" : "keyword",
                      "ignore_above" : 256
                    }
                  }
                }
              }
            }
          }
        },
        "filename" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "funcName" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "host" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "host_ip" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "hostname" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "levelname" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "lineno" : {
          "type" : "long"
        },
        "message" : {
          "type" : "text"
        },
        "meta" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "module" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "msg" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "name" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "pathname" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "process" : {
          "type" : "long"
        },
        "processName" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "severity" : {
          "type" : "keyword"
        },
        "stack_info" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "stacktrace" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "store_id" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "thread" : {
          "type" : "long"
        },
        "threadName" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        }
      }
    }
  }
}

searching a string with date range

{
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "message": {
                "query": "matching_data"
             }
          }
        },
        {
          "range": {
            "startTime": {
              "from": "2020-01-01",
              "to": "2022-10-20"
            }
          }
        }
      ]
    }
  }
}

I do not see any field named startTime in your mappings, which means the documents in that index does not have that field and the range query will therefore not return anything.

Thanks, I have updated startTime with timestamp.
Now I'am able to fetch the data. Help appreciated.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.