i have lot of timestamps in Elasticserach, and i want to search for every document where the field "timestamp" matches those that match 11:05 UTC. The timestamp format is
yyyy-MM-dd HH:mm:ss
and its type is "date". How can i ignore the months, days, years and seconds and only serach for the time? Thank you in advance!
I tried to simply search with a query like
query = {
"query": {
"match": {
"timestamp": "11:05"
}
}
}
RequestError(400, 'search_phase_execution_exception', 'failed to parse date field [11:05] with format [strict_date_optional_time||epoch_millis]: [failed to parse date field [11:05] with format [strict_date_optional_time||epoch_millis]]')
Thanks in advance!
CodePudding user response:
To search for documents in Elasticsearch that match a specific time, you can use the range query.
In your case, you can use the range query to search for all documents that have a timestamp field with a time of 11:05.
query = {
"query": {
"range": {
"timestamp": {
"gte": "11:05:00",
"lte": "11:05:59",
"format": "HH:mm:ss"
}
}
}
}
The gte (greater than or equal to) and lte (less than or equal to) arguments are the constraints that define the range.
CodePudding user response:
To search for documents in Elasticsearch that have a specific time in the "timestamp" field, you can use a query with a range filter on the "timestamp" field. The range filter allows you to specify a lower and upper bound for the values in the field, so you can use it to search for documents that have a "timestamp" value within a certain time range.
For example, to search for documents that have a "timestamp" value with a time of 11:05 UTC, you can use a query like this:
{
"query": {
"bool": {
"filter": {
"range": {
"timestamp": {
"gte": "11:05:00",
"lte": "11:05:59"
}
}
}
}
}
}
This query will find all documents that have a "timestamp" value that is greater than or equal to 11:05:00 and less than or equal to 11:05:59. This will match any "timestamp" value that has a time of 11:05, regardless of the date or seconds.
It's important to note that the "timestamp" field in your Elasticsearch documents must be of the "date" type in order for this query to work properly. If the "timestamp" field is not of the "date" type, you will need to convert it to the "date" type before you can use this query. You can do this by using a script in the Elasticsearch update API, or by re-indexing your documents with the "timestamp" field mapped as a "date" type.