Using filters in ElasticSearch - PHP


(Raymond Gonzalez) #1

I have set up an ELK server. I want to create some graphs with some data from ElasticSearch. I was trying something like:

    $filters = array();
    $query = array();
    $filter = array();


    $filters['not']['term']['tags'] = '_grokparsefailure';
    $filters['and']['range']['@timestamp']['from'] = "2015-05-01";
    $filters['and']['range']['@timestamp']['to'] = "2015-05-10";

    $filters['and']['range']['icon_seq']['gt'] = -1;

    $params2 = array(
            'index'=> $this->view->elk_index,
            'type' => $this->view->elk_type,
            'size' => 1000000,
            'body' => array(
                'query' => array(
                    'filtered' => array(
                        //'query' => $query,
                        'filter' => $filters
                     )
                 ),
                'filter' => $filter 
            )
    );

    $results2 = $client->search($params2);

But as you can imagine, it's not working correctly. The date range is not working. What am I doing wrong? Thanks


(Nik Everett) #2

I think you'll have more luck getting help if you write what you are trying to do in JSON instead of PHP.

I suspect the issue is around $filters - it can't contain both "not" and "and" as keys. Maybe:

    $filters['bool']['should'][] = array( 'not' => array( 'term' => array( 'tags' => '_grokparsefailure' )));
    $filters['bool']['should'][] = array ('range' => array ('@timestamp' => array (
      'from' => "2015-05-01", 'to' => "2015-05-10" )));
    $filters['bool']['should'][] = array( 'range' => array( 'icon_seq' => array( 'gt'  => -1 )));


(Raymond Gonzalez) #3

Hi. Thanks! For some reason it's not filtering correctly.

It's filtering by timestamp but I'm still getting some that the tags is "_grokparsefailure" and that don't have the field icon_seq. Thanks!
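
For reference, an added example (not code posted by anyone in this thread): in a bool filter, should clauses are alternatives, so requiring all three conditions at once means putting the two ranges under must and the tag term under must_not. It assumes the Elasticsearch 1.x filtered query used above; the function name, the index and type names and the size are placeholders.

```php
<?php
// Added example: builds the search parameters only, so it runs without a client.
// Assumes the Elasticsearch 1.x "filtered" query used in the thread.

/**
 * Build search params where every condition is required.
 * buildSearchParams() is a hypothetical helper; $index and $type come from the caller.
 */
function buildSearchParams($index, $type, $fromDate, $toDate)
{
    $filters = array(
        'bool' => array(
            // must: every clause has to match (AND).
            'must' => array(
                // gte/lte: inclusive bounds on the event timestamp.
                array('range' => array('@timestamp' => array(
                    'gte' => $fromDate,
                    'lte' => $toDate,
                ))),
                // A range clause only matches documents that have the field,
                // so documents without icon_seq are excluded as well.
                array('range' => array('icon_seq' => array('gt' => -1))),
            ),
            // must_not: no clause may match (NOT).
            'must_not' => array(
                array('term' => array('tags' => '_grokparsefailure')),
            ),
        ),
    );

    return array(
        'index' => $index,
        'type'  => $type,
        'size'  => 1000, // constructed value for this example
        'body'  => array(
            'query' => array(
                'filtered' => array('filter' => $filters),
            ),
        ),
    );
}

// Placeholder index and type names (constructed for this example).
$params = buildSearchParams('logstash-2015.05', 'logs', '2015-05-01', '2015-05-10');

// Print the request body as JSON, the form that is sent to Elasticsearch.
echo json_encode($params['body'], JSON_PRETTY_PRINT), PHP_EOL;

// With a configured client: $results = $client->search($params);
```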

