Timestamp range not querying properly

Hi,

I'm using elasticsearch 7.X and I'm having difficulties querying a time range.
My code

res = es.search(index='*', body={
  'query': {
    'range': {
      'app_timestamp': {
        'gte': '2019-06-20T12:00:00',
        'lte': '2019-06-20T14:00:00',
        'time_zone': '+07:00'
      }
    }
  }
})

Some of the data

{
  "_index": "some_index",
  "_type": "SOME_TYPE",
  "_id": "amG7dmsBLEIGz_GafLkN",
  "_version": 1,
  "_score": 0,
  "_source": {
    "raw_message": "2019-06-20 13:56:20,144 DETAILS",
    "app_timestamp": "2019-06-20 13:56:20,144"
  }
},
{
  "_index": "some_index",
  "_type": "SOME_TYPE",
  "_id": "h6WsdmsBa0Tg62_0xLj1",
  "_version": 1,
  "_score": 0,
  "_source": {
    "raw_message": "2019-06-20 13:56:02,347 GIVE ME DETAILS",
    "app_timestamp": "2019-06-20 13:56:02,347"
  }
},
{
  "_index": "some_index",
  "_type": "SOME_TYPE",
  "_id": "h6WsdmsBa0Tg62_0xLj1",
  "_version": 1,
  "_score": 0,
  "_source": {
    "raw_message": "2019-06-20 13:56:02,247 GIVE ME DETAILS",
    "app_timestamp": "2019-06-20 13:56:02,247"
  }
}

The result is the following:

{'_shards': {'failed': 0, 'skipped': 0, 'successful': 4, 'total': 4},
 'hits': {'hits': [],
          'max_score': None,
          'total': {'relation': 'eq', 'value': 0}},
 'timed_out': False,
 'took': 0}

I've tried changing my index to 'some_index' also.

Thanks in advance,
Ry

What's your time zone? You coded UTC time with a default zero timezone in your query clause.

I'm on PTC. I modified my query and data but I'm still not getting any results back.

Here's a screenshot of what is happening.

What's the mapping of the documents? Why don't you use the same date format as your raw data in the query script?

It works now. I'm forced to use a mapping on my indexes.

Thanks for the reply!
Ry
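
Added example, not part of the thread: a sketch of the two points the replies raise, an explicit `date` mapping for `app_timestamp` and the effect of `time_zone` on the query bounds. The mapping pattern, the query `format` value and the helper names are assumptions; `simulate_hits` is a local stand-in for the comparison, relying on the documented behaviour that `time_zone` converts the query's date values to UTC while stored values without an offset are treated as UTC.

```python
from datetime import datetime, timezone

# Assumed explicit mapping (not shown in the thread); the pattern matches
# the sample value "2019-06-20 13:56:20,144".
MAPPING = {"mappings": {"properties": {"app_timestamp": {
    "type": "date", "format": "yyyy-MM-dd HH:mm:ss,SSS"}}}}

# Constructed from the three sample documents quoted in the thread.
SAMPLE_DOCS = [
    {"app_timestamp": "2019-06-20 13:56:20,144"},
    {"app_timestamp": "2019-06-20 13:56:02,347"},
    {"app_timestamp": "2019-06-20 13:56:02,247"},
]

def build_range_query(gte, lte, time_zone=None):
    """Range query body; 'format' tells Elasticsearch how to parse gte/lte,
    since the mapping's own pattern does not accept the ISO 'T' form."""
    rng = {"gte": gte, "lte": lte, "format": "yyyy-MM-dd'T'HH:mm:ss"}
    if time_zone:
        rng["time_zone"] = time_zone
    return {"query": {"range": {"app_timestamp": rng}}}

def _bound_utc(value, time_zone):
    # time_zone converts the query's date values to UTC before comparison.
    return datetime.strptime(value + (time_zone or "+00:00"),
                             "%Y-%m-%dT%H:%M:%S%z")

def simulate_hits(docs, body):
    """Local stand-in for the comparison: stored values carry no offset,
    so they are treated as UTC."""
    rng = body["query"]["range"]["app_timestamp"]
    lo = _bound_utc(rng["gte"], rng.get("time_zone"))
    hi = _bound_utc(rng["lte"], rng.get("time_zone"))
    hits = []
    for doc in docs:
        ts = datetime.strptime(doc["app_timestamp"], "%Y-%m-%d %H:%M:%S,%f")
        if lo <= ts.replace(tzinfo=timezone.utc) <= hi:
            hits.append(doc)
    return hits

if __name__ == "__main__":
    window = ("2019-06-20T12:00:00", "2019-06-20T14:00:00")
    with_tz = build_range_query(*window, time_zone="+07:00")
    no_tz = build_range_query(*window)
    print(len(simulate_hits(SAMPLE_DOCS, with_tz)),
          len(simulate_hits(SAMPLE_DOCS, no_tz)))
```

With `'+07:00'` the 12:00 to 14:00 window becomes 05:00 to 07:00 UTC, so timestamps stored as 13:56 fall outside it even once the field is a `date`. Against a cluster, `MAPPING` is the index-creation body and the query dict is the `body` passed to `es.search`, as in the original post.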
