Elastic query to search a term and with in a date range

1
votes
GET _search
{
  "query": {
    "bool":{
      "filter":{
        "and":[
        {
          "term":{
            "Server": "XYZ"
          },
          "range": {
            "DateTime":{
              "from": "2018-12-13T00:20:48.782Z",
              "to":"2018-12-14T00:20:48.782Z"
            }
          }
        }
      ]
    }}
  }
}

Above is my elastic query to fetch all records belongs to XYZ Server and within the time range, I have Server and DateTime columns in my dataset but throws below error:

{ "error": { "root_cause": [ { "type": "parsing_exception", "reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]", "line": 9, "col": 11 } ], "type": "parsing_exception", "reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]", "line": 9, "col": 11 }, "status": 400 }

What am i missing here!

3
elasticsearch
Can you add your index mapping details ?TechnocratSid
You can use lte and gte to filter the date range query. exampleKaushik

3 Answers

1
votes

Your query is malformed use the following query instead: 

GET _search
{
 "query": {
   "bool": {
     "filter": [ 
      {
        "term": { 
          "Server": "XYZ"
        }
      },
      { 
        "range": {
          "DateTime":{
            "from": "2018-12-13T00:20:48.782Z",
            "to": "2018-12-14T00:20:48.782Z"
          }
        }
      }
    ]
  }
 }
}
0
votes

You can't have and in your filter clause. There is no and clause in ES query. Basically, you need to combine filter on term and range clause. Please read combine filters in ES for more information on this.

As your query is using an invalid clause, ES isn't able to parse your query.

Please use the proper query and you should be able to get the results from ES.

Please try below query, which should work fine and let me know if it doesn't work.

{
  "query": {
    "constant_score": {
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "Server": "XYZ"
              }
            },
            {
              "bool": {
                "must": [
                  {
                    "range": {
                      "DateTime": {
                        "from": "2018-12-13T00:20:48.782Z",
                        "to": "2018-12-14T00:20:48.782Z"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    }
  }
}
0
votes

The error message is clearly saying that the query is not correct.

You can check the official docs for range query and for bool query to se that there is no filter inside bool queries and there is not from, to in range queries.

Please check this query.

GET _search
{
 "query": {
   "bool": {
     "must": [ 
      {
        "term": { 
          "Server": "XYZ"
        }
      },
      { 
        "range": {
          "DateTime":{
            "gt": "2018-12-13T00:20:48.782Z",
            "lte": "2018-12-14T00:20:48.782Z"
          }
        }
      }
    ]
  }
 }
}