Hello!
I'm trying to create a query that would return the last (sorted by
timestamp) 10 hits. I'm using logstash to parse and index my log files...
I tried 2 different queries:
{
  "query" : {
    "filtered" : {
      "query": {"match" : {"user" : "abc"}},
      "query": {"match" : {"login_succesful" : "true"}}
    }
  },
  "sort": [
    { "timestamp": { "order": "desc" }}
  ]
}
and another one
{
  "query" : {
    "bool" : {
      "must" : [
        {"match" : {"user" : "abc"}},
        {"match" : {"login_succesful" : "true"}}
      ]
    },
    "sort" : [
      { "timestamp": { "order": "desc" }
    ]
  }
}
The first one lists all hits and doesn't sort and the 2nd one gives me
an error saying "Parse Failure [No parser for element [timestamp]]]; }]".
What am I doing wrong?
Should I define 'timestamp' field as date? Currently, all fields are
mapped as "string, index, analyzed"...
Matej
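
Added example, not part of the original post: a Python sketch that builds a search body with both conditions under bool/must and with "sort" and "size" as top-level siblings of "query", plus a small lint for two structural problems visible in the queries above (a key repeated inside one JSON object, and "sort" nested inside "query"). The function names and the sample strings are assumptions made for this example; it does not address the field-mapping question.

```python
import json

def build_last_logins(user, size=10):
    """Search body: both conditions in bool/must, sort and size at top level."""
    return {
        "query": {"bool": {"must": [
            {"match": {"user": user}},
            {"match": {"login_succesful": "true"}},  # field name as spelled in the post
        ]}},
        "sort": [{"timestamp": {"order": "desc"}}],
        "size": size,
    }

def lint_search_body(text):
    """Return a list of structural problems found in a JSON search body."""
    problems = []

    def pairs_hook(pairs):
        # json.loads passes each object's key/value pairs here before building the dict
        seen = set()
        for key, _ in pairs:
            if key in seen:
                problems.append(f"duplicate key '{key}' in one object")
            seen.add(key)
        return dict(pairs)

    try:
        body = json.loads(text, object_pairs_hook=pairs_hook)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    query = body.get("query") if isinstance(body, dict) else None
    if isinstance(query, dict) and "sort" in query:
        problems.append("'sort' is nested inside 'query'; move it to the top level")
    return problems

# Constructed samples modelled on the two queries in the post
# (the second with its missing closing brace restored).
SAMPLE_FILTERED = """{"query": {"filtered": {
  "query": {"match": {"user": "abc"}},
  "query": {"match": {"login_succesful": "true"}}}},
  "sort": [{"timestamp": {"order": "desc"}}]}"""
SAMPLE_NESTED = """{"query": {
  "bool": {"must": [{"match": {"user": "abc"}}]},
  "sort": [{"timestamp": {"order": "desc"}}]}}"""

if __name__ == "__main__":
    print(json.dumps(build_last_logins("abc"), indent=2))
    for name, text in (("filtered", SAMPLE_FILTERED), ("nested", SAMPLE_NESTED)):
        print(name, lint_search_body(text))
```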