SQL INTERVAL question

rdesanno · October 14, 2019, 3:52pm

I'm trying to write a simple Elastic SQL that polls the temperature value in the last 3 minutes but i'm not able to select such a small timeframe. It should be as simple as NOW() - INTERVAL 3 MINUTES but that returns nothing.

If I increase the INTERVAL to 250 minutes, that somehow equates to the last 10 minutes and I don't understand how that can be.

What could I be doing wrong here?

sql> SELECT timestamp AS TIME, round(TEMPERATURE_A,1) AS TEMP FROM \"test*\" WHERE agent.hostname = 'b-1-1' AND TEMP is not null AND TIME < NOW() AND TIME > NOW() - INTERVAL 250 MINUTES ORDER BY TIME DESC LIMIT 1;
          TIME          |     TEMP
------------------------+---------------
2019-10-14T11:42:00.000Z|-166.9

sql> SELECT timestamp AS TIME, round(TEMPERATURE_A,1) AS TEMP FROM \"test*\" WHERE agent.hostname = 'b-1-1' AND TEMP is not null AND TIME < NOW() AND TIME > NOW() - INTERVAL 250 MINUTES ORDER BY TIME ASC LIMIT 1;
          TIME          |     TEMP
------------------------+---------------
2019-10-14T11:33:00.000Z|-166.9

241 seems like it represents the last minute but again, I am at a loss

sql> SELECT timestamp AS TIME, round(TEMPERATURE_A,1) AS TEMP FROM \"test*\" WHERE agent.hostname = 'b-1-1' AND TEMP is not null AND TIME < NOW() AND TIME > NOW() - INTERVAL 240 MINUTES ORDER BY TIME ASC;
     TIME      |     TEMP
---------------+---------------

sql> SELECT timestamp AS TIME, round(TEMPERATURE_A,1) AS TEMP FROM \"test*\" WHERE agent.hostname = 'b-1-1' AND TEMP is not null AND TIME < NOW() AND TIME > NOW() - INTERVAL 241 MINUTES ORDER BY TIME ASC;
          TIME          |     TEMP
------------------------+---------------
2019-10-14T11:50:00.000Z|-166.9
2019-10-14T11:50:00.000Z|-166.9
2019-10-14T11:50:00.000Z|-166.9

sql>

Any ideas?

William_Brafford · October 14, 2019, 5:26pm

Hi, Rob.

I'm not able to replicate this on Elasticsearch 7.4. I used the following steps in the Kibana dev console.

Post mappings to get the right datatypes:

PUT sql_testing2
{
  "mappings": {
    "properties" : {
        "TEMPERATURE_A" : {
          "type" : "float"
        },
        "timestamp" : {
          "type" : "date"
        }
      }
  }
}

Post a document for testing (it's 17:19 UTC time, as I test):

PUT sql_testing2/_doc/2
{
  "timestamp": "2019-10-14T17:18:00.000Z",
  "TEMPERATURE_A": 312.2
}

Run a slightly modified version of your query against the REST API:

POST /_sql?format=txt
{
  "query": "SELECT timestamp AS TIME, round(TEMPERATURE_A,1) AS TEMP FROM sql_testing2 WHERE TEMP is not null AND TIME < NOW() AND TIME > NOW() - INTERVAL 400 MINUTES"
}

          TIME          |     TEMP      
------------------------+---------------
2019-10-14T17:18:00.000Z|312.2

Have you checked your logic around timezones? You can see what now() is returning by running SELECT now() AS RIGHT_NOW;.

I hope this is helpful!

-William

rdesanno · October 14, 2019, 5:58pm

You nailed it. It's the difference in timezones thats causing the offset and never occurred to me (it's 1:55 right now). Thanks for the assist!!

{
  "columns" : [
    {
      "name" : "RIGHT_NOW",
      "type" : "datetime"
    }
  ],
  "rows" : [
    [
      "2019-10-14T17:55:49.542Z"
    ]
  ]
}

system · November 11, 2019, 6:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic SQL and cURL not playing nice Elasticsearch	6	2405	November 21, 2019
Elastic SQL is not working with time bound data Elasticsearch	2	454	December 12, 2019
How to Query last 90 minutes records in elasticsearch sql query Elasticsearch elastic-stack-sql	2	2813	May 9, 2019
Canvas sql query for last 30 seconds Kibana	3	345	July 16, 2019
Timezone in _sql query Elasticsearch elastic-stack-sql	2	1575	March 21, 2020

SQL INTERVAL question

Related topics