Kulasangar - 2 months ago
JSON Question

How could I append time stamp range within my elasticsearch query?

I'm trying to perform an elasticsearch query as a POST request in order to pull data from the index which I created. The data which is in the index is a table from MySQL DB, configured through logstash.

Here is my request and the JSON body:

http://localhost:9200/response_summary/_search

Body:

{
  "query": {
    "query_string": {
      "query": "transactionoperationstatus:\"charged\" AND api:\"payment\" AND operatorid:\"XL\" AND userid:*test AND time:\"2015-05-27*\" AND responsecode:(200+201)"
    }
  },
  "aggs": {
    "total": {
      "terms": {
        "field": "userid"
      },
      "aggs": {
        "total": {
          "sum": {
            "script": "Double.parseDouble(doc['chargeamount'].value)"
          }
        }
      }
    }
  }
}


In the above JSON body, I need to append the timestamp into the query_string in order to get the data from the index within a date range. I tried adding at the end of the query as:

AND timestamp:[2015-05-27T00:00:00.128Z+TO+2015-05-27T23:59:59.128Z]"


Where am I going wrong? Any help would be appreciated.

Val
Answer

You just need to remove the + as they are only necessary when sending a query via the URL query string (i.e. to URL-encode the spaces), but if you use the query_string query, you don't need to do that.

AND timestamp:[2015-05-27T00:00:00.128Z TO 2015-05-27T23:59:59.128Z]"
                                       ^  ^
                                       |  |
                                   remove these
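
The difference described in the answer, as an added example that is not part of the original post: the same range clause is built once, then placed in a JSON body (spaces stay literal) and in a `?q=` URL parameter (spaces are encoded as `+`). The function names are hypothetical, and the base query is shortened from the one in the question.

```python
import json
from urllib.parse import quote_plus, unquote_plus

SEARCH_URL = "http://localhost:9200/response_summary/_search"  # from the question
BASE_QUERY = 'api:"payment" AND operatorid:"XL"'  # shortened from the question
START = "2015-05-27T00:00:00.128Z"
END = "2015-05-27T23:59:59.128Z"


def timestamp_range(field, start, end):
    """Range clause in query_string syntax: literal spaces around TO."""
    return f"{field}:[{start} TO {end}]"


def full_query(base_query, start, end):
    """Append the timestamp range to an existing query_string expression."""
    return f"{base_query} AND {timestamp_range('timestamp', start, end)}"


def search_body(base_query, start, end):
    """Body for POST .../_search. JSON carries spaces as-is, so no '+'."""
    return {"query": {"query_string": {"query": full_query(base_query, start, end)}}}


def uri_search(url, base_query, start, end):
    """Same query sent as the ?q= URL parameter, where spaces become '+'."""
    return f"{url}?q={quote_plus(full_query(base_query, start, end))}"


if __name__ == "__main__":
    # What goes in the POST body
    print(json.dumps(search_body(BASE_QUERY, START, END), indent=2))
    # What the same query looks like in a URL
    url = uri_search(SEARCH_URL, BASE_QUERY, START, END)
    print(url)
    # Decoding the URL form gives back the body form
    print(unquote_plus(url.split("?q=", 1)[1]))
```
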