Total hits issue while drill down for a day search

ElasticUsers · January 6, 2012, 8:17am

Hi,

I am using following query to search the data for a particular day 30/12/2011 (30th of Dec, 2011):

curl -XGET http://localhost:9200/_search?pretty=1 -d '{
"from" : 0,
"size" : 5,
"query" : {
"filtered" : {
"query" : {
"match_all" : {
}
},
"filter" : {
"range" : {
"date" : {
"from" : "2011/12/30 00:00:00",
"to" : "2011/12/30 23:59:59",
"include_lower" : true,
"include_upper" : false
}
}
}
}
},
"explain" : true,
"sort" : [ {
"date" : {
"order" : "desc"
}
} ]
}'

I am getting total hits as 100.

Now I am breaking the time interval "2011/12/30 00:00:00" to "2011/12/30 23:59:59" into hourly figures like following and perform search to drill down to finer details :

2011/12/30 00:00:00 to 2011/12/30 00:59:59
2011/12/30 01:00:00 to 2011/12/30 01:59:59
2011/12/30 02:00:00 to 2011/12/30 02:59:59
2011/12/30 03:00:00 to 2011/12/30 03:59:59
2011/12/30 04:00:00 to 2011/12/30 04:59:59
2011/12/30 05:00:00 to 2011/12/30 05:59:59
2011/12/30 06:00:00 to 2011/12/30 06:59:59
2011/12/30 07:00:00 to 2011/12/30 07:59:59
2011/12/30 08:00:00 to 2011/12/30 08:59:59
2011/12/30 09:00:00 to 2011/12/30 09:59:59
2011/12/30 10:00:00 to 2011/12/30 10:59:59
2011/12/30 11:00:00 to 2011/12/30 11:59:59
2011/12/30 12:00:00 to 2011/12/30 12:59:59
2011/12/30 13:00:00 to 2011/12/30 13:59:59
2011/12/30 14:00:00 to 2011/12/30 14:59:59
2011/12/30 15:00:00 to 2011/12/30 15:59:59
2011/12/30 16:00:00 to 2011/12/30 16:59:59
2011/12/30 17:00:00 to 2011/12/30 17:59:59
2011/12/30 18:00:00 to 2011/12/30 18:59:59
2011/12/30 19:00:00 to 2011/12/30 19:59:59
2011/12/30 20:00:00 to 2011/12/30 20:59:59
2011/12/30 21:00:00 to 2011/12/30 21:59:59
2011/12/30 22:00:00 to 2011/12/30 22:59:59
2011/12/30 23:00:00 to 2011/12/30 23:59:59

When I sum all the hourly totals , the sum is 98. It should have been 100 as the total hits for 30/12/2011 is 100. Could it be due to the fact that we are not specifying the millis in time and we are losing the hits for millis? The date format specified in mapping while creating the indices is "yyyy/MM/dd HH:mm:ss", it doesn't have millis.

Please suggest.

Thanks

Clinton_Gormley · January 6, 2012, 9:22am

        "from" : "2011/12/30 00:00:00",
        "to" : "2011/12/30 23:59:59",
        "include_lower" : true,
        "include_upper" : false

When I sum all the hourly totals , the sum is 98. It should have been 100 as
the total hits for 30/12/2011 is 100. Could it be due to the fact that we
are not specifying the millis in time and we are losing the hits for millis?
The date format specified in mapping while creating the indices is
"yyyy/MM/dd HH:mm:ss", it doesn't have millis.

You're specifying include_upper:false, but the 'to' value in that case
should actually be '2011/12/31 00:00:00'.

clint

ElasticUsers · January 9, 2012, 6:34am

Thanks Clinton..

Topic		Replies	Views
TIme interval searchs in elasticsearch Elasticsearch	1	420	July 5, 2017
Elasticsearch API Search query does not give correct results between timestamp range Elasticsearch	2	477	March 30, 2021
How do you get Hit counts from elasticsearch Elasticsearch	3	1597	October 10, 2019
Engineer Class Lab 4.1 - Missing data Elastic Training	2	405	November 18, 2022
Elastic dev tool has different total hits number than discover query search Elasticsearch	10	363	November 1, 2023

Total hits issue while drill down for a day search

Related topics