Timestamps in Range Query


#1

Hi,
Would appreciate any assistance.

I'm trying to get some data using this query:

POST /agents-*/_search
{
  "facets": {
    "2": {
      "query": {
        "filtered": {
          "query": {
            "query_string": {
              "query": "message_details:\"Starting shift\""
            }
          },
          "filter": {
            "bool": {
              "must": [
                {
                  "range": {
                    "@timestamp": {
                      "from": "2017-07-31T10:00:00.000",
                      "to": "2017-07-31T12:00:00.000"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "size": 0
}

But getting no useful data back.

The same query works perfectly when the @timestamp range is changed to:

"@timestamp": {
  "from": "now-2h",
  "to": "now"
}

It also seems to work okay when the timestamp(s) are provided as Unix time (seconds since epoch?).

How do I write this query so I can use timestamps like:

"from": "2017-07-31T10:00:00.000",
"to": "2017-07-31T12:00:00.000"

in my query?

Possible?

Thanks.


(Xavier Facq) #2

Hi,

You can find more information here: https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#date-math

You can try your query with:

from = "2017-07-31T10:00:00.000||-2h/h"
to = "2017-07-31T10:00:00.000"

Bye,
Xavier
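
Added example, not part of the thread and not Elasticsearch code: a Python resolver for the anchored date-math form suggested above (`ANCHOR||-2h/h`), showing which UTC instant a bound resolves to. It assumes an anchor without a UTC offset is read as UTC, which is how Elasticsearch treats it when no `time_zone` is given; `resolve_date_math` and `epoch_millis` are hypothetical helper names, and only the fixed-length units w, d, h, m, s with lower-bound rounding are covered.

```python
import re
from datetime import datetime, timedelta, timezone

# Fixed-length units only; calendar units (M, y) are outside this subset.
_UNITS = {"w": "weeks", "d": "days", "h": "hours", "m": "minutes", "s": "seconds"}
_OP = re.compile(r"([+-])(\d+)([wdhms])|/([dhms])")
_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def _round_down(dt, unit):
    """Truncate dt to the start of its day, hour, minute or second."""
    if unit == "d":
        return dt.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "h":
        return dt.replace(minute=0, second=0, microsecond=0)
    if unit == "m":
        return dt.replace(second=0, microsecond=0)
    return dt.replace(microsecond=0)


def resolve_date_math(expr, default_tz=timezone.utc):
    """Resolve 'ANCHOR||ops' (or a bare anchor) to an aware UTC datetime.

    Assumption: an anchor without an offset is placed in default_tz, and
    arithmetic and rounding are then done in UTC (lower-bound rounding only).
    """
    anchor, _, ops = expr.partition("||")
    dt = datetime.fromisoformat(anchor)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=default_tz)
    dt = dt.astimezone(timezone.utc)
    pos = 0
    while pos < len(ops):
        m = _OP.match(ops, pos)
        if m is None:
            raise ValueError(f"unsupported date math: {ops[pos:]!r}")
        if m.group(4):
            dt = _round_down(dt, m.group(4))
        else:
            delta = timedelta(**{_UNITS[m.group(3)]: int(m.group(2))})
            dt = dt + delta if m.group(1) == "+" else dt - delta
        pos = m.end()
    return dt


def epoch_millis(expr, default_tz=timezone.utc):
    """Same instant as epoch milliseconds, which carries no zone ambiguity."""
    return (resolve_date_math(expr, default_tz) - _EPOCH) // timedelta(milliseconds=1)
```

Passing a different `default_tz` shows how far a zone-less bound moves if the wall-clock time was meant in local time; bounds sent with an explicit offset or as epoch milliseconds do not depend on that default.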

