Trying to run a query on Elasticsearch 2.4

joshuaclark · April 25, 2019, 6:52pm

Hi,
I'm trying to pull data from elasticsearch 2.4 with a range. I'm running the following to try to get the last 5 days worth of data:

{ "query": { "range": { "timestamp": { "gte": "now-5d", "lte": "now", "format": "epoch_millis" } } } }'

However I get the following:
{
"error" : {
"root_cause" : [ {
"type" : "number_format_exception",
"reason" : "For input string: "now-5d""
} ],
"type" : "search_phase_execution_exception",
"reason" : "all shards failed",
"phase" : "query",
"grouped" : true,
"failed_shards" : [ {
"shard" : 0,
"index" : "ui-test-setup",
"node" : "r8bTLlBVQba8qI-yorCFnQ",
"reason" : {
"type" : "number_format_exception",
"reason" : "For input string: "now-5d""
}
} ]
},
"status" : 400
}
Just wondering what I'm missing.

dadoonet · April 25, 2019, 7:12pm

Try without "format": "epoch_millis"

joshuaclark · April 25, 2019, 7:14pm

Thanks for replying. When I try without it I still get

{
"error" : {
"root_cause" : [ {
"type" : "number_format_exception",
"reason" : "For input string: "now-5d""
} ],
"type" : "search_phase_execution_exception",
"reason" : "all shards failed",
"phase" : "query",
"grouped" : true,
"failed_shards" : [ {
"shard" : 0,
"index" : "ui-test-setup",
"node" : "r8bTLlBVQba8qI-yorCFnQ",
"reason" : {
"type" : "number_format_exception",
"reason" : "For input string: "now-5d""
}
} ]
},
"status" : 400
}

dadoonet · April 25, 2019, 7:34pm

What is the mapping?

joshuaclark · April 25, 2019, 7:40pm

{
"ui-test-setup" : {
"mappings" : {
"uiData" : {
"properties" : {
"customerInfo" : {
"properties" : {
"contact" : {
"type" : "string"
},
"email" : {
"type" : "string"
},
"name" : {
"type" : "string"
},
"phone" : {
"type" : "string"
}
}
},
"docType" : {
"type" : "string"
},
"name" : {
"type" : "string",
"index" : "not_analyzed"
},

dadoonet · April 25, 2019, 7:54pm

timestamp is not a date. So you can't apply a date range query on it.

dadoonet · April 25, 2019, 8:34pm

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

Do you have a document that matches?

Could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.

A full reproduction script will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.

joshuaclark · April 25, 2019, 8:43pm

I'm running this command:
GET "http://localhost:9200/ui-test-setup/_search?pretty" -d '{
"query": {
"range": {
"lastStarted": {
"gte": "now-5m",
"lte": "now",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}'

and I'm trying to get the following doc out of it if it exists within the last 5 days.

  "_index" : "ui-test-setup",
  "_type" : "uiData",
  "_id" : "Last Started-truespeed-viavi-vTA-TS-1.0.4.1.g50749f1",
  "_score" : 1.0,
  "_source" : {
    "docType" : "uiData",
    "timestamp" : 1556022336877,
    "name" : "Last Started",
    "visibility" : "private",
    "user" : "user",
    "test" : {
      "mode" : "client-to-ma",
      "modeLabel" : "Client to Test Point",
      "nameOnProbe" : "truespeed",
      "selected" : true,
      "testBrandName" : "TrueSpeed",
      "testType" : "truespeed",
      "testTypeLabel" : "TrueSpeed",
      "testTypeStandard" : "RFC 6349"
    },
    "testPoints" : [ {
      "tag" : "Test Point A",
      "selected" : true,
      "type" : "inventory",
      "id" : "a70b139e-915b-5859-857e-33c4670da218",
      "name" : "altanta-stg-vta",
      "vendor" : "viavi",
      "model" : "vTA-TS",
      "version" : "1.0.4.1.g50749f1",
      "ip" : "xx.xxx.xxx.xxx",
      "port" : "2508",
      "extension" : {
        "mac" : "00:50:56:cc:5e:14",
        "lastStarted" : "2019-04-04T01:26:24Z",
        "location" : {
          "address" : "Atlanta, GA",
          "position" : null,
          "locationAutoGenerated" : false
        },

I get the following return instead if I run it with or without format:

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : null,
    "hits" : [ ]
  }
}

dadoonet · April 25, 2019, 9:20pm

Note that

now-5m

Doesn't mean today minus 5 days.

If you need further help please provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.

joshuaclark · April 25, 2019, 9:22pm

Yeah, I tried minutes as well. Thanks for helping me with this.

Christian_Dahlqvist · April 26, 2019, 5:34am

Based on the document you showed it seems like the name of the field is testPoints.extension.lastStarted and not just lastStarted. Assuming you are not using a nested mapping I would recommend trying using this field name instead while removing the format specification. As the document is from early April you probably need to use now-30d or so.

system · May 24, 2019, 5:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.