I am trying to make an Elasticsearch query where I need to search for a time frame in the Elasticsearch table. I have records which have starttime and endtime. From the UI I am giving a starttime and endtime, which is the time window for which I need to search files. Assuming the time window of starttime and endtime in the records is smaller than the time window entered by the user, I have created the following query:
{
  "_source":["filename","starttime","endtime"],
  "sort":[{
    "starttime":{"order":"asc"}
  }],
  "query":{
    "bool":{
      "should":{
        "bool":{
          "must":[
            "range":{
              "starttime":{
                "lte":1489602610000
              }
            },
            "range":{
              "endtime":{
                "gte":1489602610000,
              }
            }
          ]
        }
      },
      "should":{
        "bool":{
          "must":[
            "range":{
              "starttime":{
                "gte":1489602610000
              }
            },
            "range":{
              "endtime":{
                "lte":1489689000000
              }
            }
          ]
        }
      },
      "should":{
        "bool":{
          "must":[
            "range":{
              "starttime":{
                "lte":1489689000000
              }
            },
            "range":{
              "endtime":{
                "gte":1489689000000
              }
            }
          ]
        }
      }
    }
  }
}
I am getting the error:
"Unexpected character (':' (code 58)): was expecting comma to separate Array entries\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@29263f09; line: 11, column: 33]"
There are several issues with your query:

- bool/should clauses
- range queries not properly wrapped inside curly braces

You can find the correct query below:
{
  "_source": [
    "filename",
    "starttime",
    "endtime"
  ],
  "sort": [
    {
      "starttime": {
        "order": "asc"
      }
    }
  ],
  "query": {
    "bool": {
      "should": [
        {
          "bool": {
            "must": [
              {
                "range": {
                  "starttime": {
                    "lte": 1489602610000
                  }
                }
              },
              {
                "range": {
                  "endtime": {
                    "gte": 1489602610000
                  }
                }
              }
            ]
          }
        },
        {
          "bool": {
            "must": [
              {
                "range": {
                  "starttime": {
                    "gte": 1489602610000
                  }
                }
              },
              {
                "range": {
                  "endtime": {
                    "lte": 1489689000000
                  }
                }
              }
            ]
          }
        },
        {
          "bool": {
            "must": [
              {
                "range": {
                  "starttime": {
                    "lte": 1489689000000
                  }
                }
              },
              {
                "range": {
                  "endtime": {
                    "gte": 1489689000000
                  }
                }
              }
            ]
          }
        }
      ]
    }
  }
}
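
An added example, not part of the original question or answer: building the corrected query as a Python structure from the UI-supplied window, so the body is always serialized as valid JSON and the timestamps are coerced to integers before they reach the query. The function names and the sample records are hypothetical and constructed for illustration; `matches` is a small local evaluator for the bool/should/must/range subset used here, not Elasticsearch itself.

```python
import json
# Hypothetical helper names; added example, not code from the post.
def build_window_query(start_ms, end_ms):
    """Build the answer's three-clause query from a UI-supplied window."""
    # Coerce to int so UI input cannot smuggle JSON structure into the query.
    start_ms, end_ms = int(start_ms), int(end_ms)
    if start_ms > end_ms:
        raise ValueError("window start is after window end")

    def both(start_cond, end_cond):
        # Each range query is its own object inside the must array.
        return {"bool": {"must": [{"range": {"starttime": start_cond}},
                                  {"range": {"endtime": end_cond}}]}}

    return {
        "_source": ["filename", "starttime", "endtime"],
        "sort": [{"starttime": {"order": "asc"}}],
        "query": {"bool": {"should": [
            both({"lte": start_ms}, {"gte": start_ms}),  # spans window start
            both({"gte": start_ms}, {"lte": end_ms}),    # fully inside window
            both({"lte": end_ms}, {"gte": end_ms}),      # spans window end
        ]}},
    }

def matches(query, doc):
    """Local evaluator for the bool/should/must/range subset used here."""
    if "range" in query:
        (field, cond), = query["range"].items()
        ops = {"lte": lambda v, b: v <= b, "gte": lambda v, b: v >= b}
        return all(ops[op](doc[field], bound) for op, bound in cond.items())
    clauses = query["bool"]
    return (all(matches(q, doc) for q in clauses.get("must", []))
            and (not clauses.get("should")
                 or any(matches(q, doc) for q in clauses["should"])))

# Constructed sample records (not from the original post).
RECORDS = [
    {"filename": "before.log", "starttime": 1489500000000, "endtime": 1489600000000},
    {"filename": "left.log",   "starttime": 1489600000000, "endtime": 1489610000000},
    {"filename": "inside.log", "starttime": 1489610000000, "endtime": 1489680000000},
    {"filename": "right.log",  "starttime": 1489680000000, "endtime": 1489700000000},
    {"filename": "after.log",  "starttime": 1489700000000, "endtime": 1489800000000},
]

def search(records, start_ms, end_ms):
    body = build_window_query(start_ms, end_ms)
    json.loads(json.dumps(body))  # round-trip: the body is always valid JSON
    return [r["filename"] for r in records if matches(body["query"], r)]
```

For records whose starttime is not after their endtime, the three should clauses together select exactly the records that overlap the window, which is the same set as `starttime <= end_ms` and `endtime >= start_ms`.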