Sorting search results

Hello!

I'm trying to create a query that would return the last (sorted by
timestamp) 10 hits. I'm using logstash to parse and index my log files...

I tried 2 different queries:
{
  "query" : {
    "filtered" : {
      "query": {"match" : {"user" : "abc"}},
      "query": {"match" : {"login_succesful" : "true"}}
    }
  },
  "sort": [
    { "timestamp": { "order": "desc" }}
  ]
}

and another one
{
  "query" : {
    "bool" : {
      "must" : [
        {"match" : {"user" : "abc"}},
        {"match" : {"login_succesful" : "true"}}
      ]
    },
    "sort" : [
      { "timestamp": { "order": "desc" }}
    ]
  }
}

The first one lists all hits and doesn't sort and the 2nd one gives me an
error saying "Parse Failure [No parser for element [timestamp]]]; }]".

What am I doing wrong?
Should I define 'timestamp' field as date? Currently, all fields are mapped
as "string, index, analyzed"...

Also, which one of the queries is preferred? Filtered or query?
How to apply "must" condition in the 1st search?

Matej

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e956a1d4-a200-48c5-9841-2072e12cc149%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Anyone?

I'm using logstash to feed logs to Elasticsearch with default schema
template.

Timestamp field looks like this: Sep 17 07:30:36
Should I sort by @timestamp, looking like 2014-09-17T05:30:36.000Z?
Should I add another timestamp field with unix time and sort by that?

Matej

On 15.9.2014 15:07, matej.zerovnik@gmail.com wrote:

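An added illustration (not code from the thread or from Elasticsearch itself) of the two structural mistakes in the posted bodies and of a corrected request. The sample bodies are reconstructed from the posts; the `size` parameter and sorting on the date-typed `@timestamp` field are assumptions based on the default logstash template.

```python
import json
from collections import Counter

# Constructed sample input: the two bodies from the thread, with the second
# one's missing closing brace restored so it is at least valid JSON.
FILTERED_BODY = '''{"query": {"filtered": {
    "query": {"match": {"user": "abc"}},
    "query": {"match": {"login_succesful": "true"}}}},
  "sort": [{"timestamp": {"order": "desc"}}]}'''
BOOL_BODY = '''{"query": {
    "bool": {"must": [{"match": {"user": "abc"}},
                      {"match": {"login_succesful": "true"}}]},
    "sort": [{"timestamp": {"order": "desc"}}]}}'''


def lint_search_body(raw):
    """Return (parsed body, problems) for a search body; flags the two mistakes
    in the thread: duplicate keys (json.loads keeps only the last value, so the
    user condition silently disappears) and 'sort' nested under 'query'."""
    problems = []

    def keep_pairs(pairs):  # called per JSON object, before duplicates collapse
        for key, n in Counter(k for k, _ in pairs).items():
            if n > 1:
                problems.append(f"duplicate key '{key}': only the last value survives")
        return dict(pairs)

    body = json.loads(raw, object_pairs_hook=keep_pairs)
    if isinstance(body.get("query"), dict) and "sort" in body["query"]:
        problems.append("'sort' is nested inside 'query'; it must be a top-level key")
    return body, problems


def recent_logins_query(user, size=10, timestamp_field="@timestamp"):
    """Correct body for 'last N successful logins of one user': both conditions
    under bool/must, 'sort' and 'size' at top level, ordered by the date-typed
    @timestamp field rather than the analyzed string 'timestamp' (assumption:
    the default logstash template maps @timestamp as a date)."""
    return {
        "size": size,
        "query": {"bool": {"must": [
            {"match": {"user": user}},
            {"match": {"login_succesful": "true"}},
        ]}},
        "sort": [{timestamp_field: {"order": "desc"}}],
    }
```

Running `lint_search_body` over the two posted bodies reports the dropped `user` condition in the first and the misplaced `sort` in the second, which matches the "lists all hits" and "No parser for element" symptoms described above.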