Search query not returning result data

jsr · July 13, 2022, 6:54am

I tried to fetch data via search query api through postman
/_search

if I search through without filter

{
  "query": {
    "match": {
      "message": {
        "query": "matching_data"
      }
    }
  }
}

I'm getting data result in this query

but below query format and filter I'm not getting data

{
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "message": {
                "query": "matching_data"
             }
          }
        },
        {
          "range": {
            "startTime": {
              "from": "2020-01-01",
              "to": "2022-10-20"
            }
          }
        }
      ]
    }
  }
}

response

{
    "took": 17,
    "timed_out": false,
    "_shards": {
        "total": 381,
        "successful": 381,
        "skipped": 0,
        "failed": 0
    },
    "hits": {
        "total": {
            "value": 0,
            "relation": "eq"
        },
        "max_score": null,
        "hits": []
    }
}

Christian_Dahlqvist · July 13, 2022, 7:01am

Which version of Elasticsearch are you using?

What is the mapping for the fields used in the queries?

Can you provide an example document that you expect to find?

jsr · July 13, 2022, 7:09am

Elasticsearch version : 7.15.2

mapping => "message" : "any string"

I want number of count of string match in the give time range

Christian_Dahlqvist · July 13, 2022, 8:01am

That is not the mapping. Use the get mapping API to get the index mappings.

Please show a sample JSON document you expect the query to find.

jsr · July 13, 2022, 10:33am

Mapping

{
  "logs-2022.05.19" : {
    "mappings" : {
      "properties" : {
        "@timestamp" : {
          "type" : "date"
        },
        "@version" : {
          "type" : "keyword"
        },
        "appname" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "asctime" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "environment" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "exc_info" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "exc_text" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "fields" : {
          "dynamic" : "true",
          "properties" : {
            "appname" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 256
                }
              }
            },
            "host" : {
              "properties" : {
                "ip" : {
                  "type" : "text",
                  "fields" : {
                    "keyword" : {
                      "type" : "keyword",
                      "ignore_above" : 256
                    }
                  }
                }
              }
            }
          }
        },
        "filename" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "funcName" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "host" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "host_ip" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "hostname" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "levelname" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "lineno" : {
          "type" : "long"
        },
        "message" : {
          "type" : "text"
        },
        "meta" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "module" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "msg" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "name" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "pathname" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "process" : {
          "type" : "long"
        },
        "processName" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "severity" : {
          "type" : "keyword"
        },
        "stack_info" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "stacktrace" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "store_id" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "thread" : {
          "type" : "long"
        },
        "threadName" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        }
      }
    }
  }
}

searching a string with date range

{
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "message": {
                "query": "matching_data"
             }
          }
        },
        {
          "range": {
            "startTime": {
              "from": "2020-01-01",
              "to": "2022-10-20"
            }
          }
        }
      ]
    }
  }
}

Christian_Dahlqvist · July 13, 2022, 10:38am

I do not see any field named startTime in your mappings, which means the documents in that index does not have that field and the range query will therefore not return anything.

jsr · July 13, 2022, 11:10am

Thanks, I have updated startTime with timestamp.
Now I'am able to fetch the data. Help appreciated.

system · August 10, 2022, 11:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.