Elasticsearch:按日期和时间过滤为不同的字段 [英] Elasticsearch: Filtering by date and time as different fields
问题描述
我正在尝试使用日期范围和时间范围为我的查询创建一个过滤器。在我的情况下,日期和时间是不同的领域。所以我想运行这样的查询,例如:在10:00:00和12:00:00之间显示本月发生的所有事件(15-10-01 / 15-10-30)
I am trying to create a filter for my query using a date range and a time range. In my case, date and time are different fields. So I want to run queries like: Show me all the events happening this month (15-10-01/15-10-30) between 10:00:00 am and 12:00:00
这是我的查询,但它不工作。注意:如果我只使用日期部分它可以工作,但与时间字段的组合,结果是错误的。
This is my query, but it is not working. Note: If I only use the "date part" it works, but with the combination of the time field, the results are wrong.
任何建议?
{"query": {
"filtered": {
"query": {
"match": { "message" : "error" }
},
"filter": {
"bool" : {
"must" : {
"range": {
"date": {
"gte": "15-11-01",
"lte": "15-11-30"
}
}
},
"must" : {
"range": {
"time": {
"gte": "10:00:00",
"lte": "12:00:00"
}
}
}
}
}
}
}
}
更新:运行命令:
curl -XGET localhost:9200/my_index/_mapping
如您所建议的那样,我可以发现ES将时间字段类型定义为字符串,而不是(日期)时间。
另外,正如第一个答案中指出的那样,我的查询语法错误。
As some of you suggested, I could discover that ES is defining the "time" field type as string and not as (date) time. Additionally, as it was pointed in the first answer, my query syntax was wrong.
推荐答案
不正确的是,您的 bool 过滤器中有两个必须子句。这是无效的JSON,所以这可能是为什么你的查询不起作用的原因,尝试以下查询,而在$ $ c $中有两个范围过滤器c> bool / must filter:
One thing that is not correct is that you have two must clause inside your bool filter. That is not valid JSON and so that might be the reason why your query doesn't work, try the following query instead which has the two range filters inside the bool/must filter:
{
"query": {
"filtered": {
"query": {
"match": {
"message": "error"
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"date": {
"gte": "15-11-01",
"lte": "15-11-30"
}
}
},
{
"range": {
"time": {
"gte": "10:00:00",
"lte": "12:00:00"
}
}
}
]
}
}
}
}
}
这篇关于Elasticsearch:按日期和时间过滤为不同的字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
