Context

I have an index with a field called "date" which contains dates. I need an Elasticsearch query that returns records where date is greater than a specific date value.

Issue

Running the following query with a range filter does not work. Records with earlier dates are returned in the result set.

    {
      "size": 1000,
      "query": {
        "filtered": {
          "filter": {
            "range": {
              "date": {
                "gt": "2014-02-23T00:00:00"
              }
            }
          }
        }
      }
    }

Questions

  • What is the correct query to pull data where date is greater than a specific value?
  • If my query is syntactically correct, is there something else I can go check (e.g. datatype of field is actually date)?
  • How should I go about root causing this?
  • etc.
Saeed Zhiany
Allan McLemore

2 Answers

1

Solution

In lieu of implementing mapping, I came up with a partial solution. I used Chrome to analyze some of the Kibana traffic. I noticed Kibana is passing date filters as int values. So, I converted the dates to ints using Unix timestamp conversion and things are working now. (Reference http://www.epochconverter.com/)

What about mapping?

I looked at the mappings earlier. On my index they don't exist. I seem to recall reading that mappings will be inferred for known types that have strong consistency.
My date data is consistent:
  • no nulls
  • dates are getting flipped from SQL, to C#, to Elastic

I guess I could implement a mapping, but I'm going with the Epoch conversion for now until I have a true need to map this for some other compelling reason.

Allan McLemore
0
  • Your query is syntactically correct.
  • Use the get mapping API to see the document mapping:

    curl -XGET 'http://localhost:9200/twitter/_mapping/tweet'

  • It's hard to say where it goes wrong. Probably the mapping of the date field is not actually a date type.

halfelf
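
A check that combines both answers, as an added example (not code from either answer): it walks a get-mapping response to report how the `date` field is actually mapped, and builds the question's range filter with the bound as an epoch value. The sample mapping is constructed, the function names are hypothetical, and epoch milliseconds in UTC is an assumption, since the answer only says "Unix timestamp".

```python
import calendar
import json
from datetime import datetime

# Constructed sample of a get-mapping response (index -> "mappings" -> type
# -> "properties"). Index and type names reuse the curl command above; the
# field types are made up for the demonstration.
SAMPLE_MAPPING = json.loads("""
{"twitter": {"mappings": {"tweet": {"properties": {
    "user": {"type": "string"},
    "date": {"type": "string"}
}}}}}
""")


def field_types(mapping, field, path=()):
    """Return {dotted path: type} for every place `field` is mapped."""
    found = {}
    if not isinstance(mapping, dict):
        return found
    props = mapping.get("properties")
    if isinstance(props, dict) and field in props:
        found[".".join(path + (field,))] = props[field].get("type", "object")
    for key, value in mapping.items():  # descend into indices, types, objects
        found.update(field_types(value, field, path + (key,)))
    return found


def non_date_mappings(mapping, field):
    """Mappings of `field` that a date range filter cannot rely on."""
    return {p: t for p, t in field_types(mapping, field).items() if t != "date"}


def to_epoch_millis(iso_value):
    """Convert 'YYYY-MM-DDTHH:MM:SS' (assumed UTC) to epoch milliseconds."""
    parsed = datetime.strptime(iso_value, "%Y-%m-%dT%H:%M:%S")
    return calendar.timegm(parsed.timetuple()) * 1000


def range_query(field, gt_iso, size=1000):
    """The question's filtered range query with a numeric lower bound."""
    bound = {"gt": to_epoch_millis(gt_iso)}
    return {"size": size,
            "query": {"filtered": {"filter": {"range": {field: bound}}}}}


if __name__ == "__main__":
    print("non-date mappings:", non_date_mappings(SAMPLE_MAPPING, "date"))
    print(json.dumps(range_query("date", "2014-02-23T00:00:00"), indent=2))
```

To run it against a real index, save the output of the get mapping call above to a file and pass the parsed JSON in place of `SAMPLE_MAPPING`.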