ElasticSearch requests range timestamp in python
I'm trying to perform a request on ES to count logs in a timestamp range. My request works, but it returns the same result. The timestamp filter seems not to be working. I want to retrieve the facet status_code for servertest01 in a custom timestamp range.
    import rawes
    from datetime import datetime
    from dateutil import tz

    paristimezone = tz.gettz('Europe/Paris')
    es = rawes.Elastic('127.0.0.1:9200')

    # Range filter placed at the top level of the search body
    result = es.get('/_search', data={
        "query": {"match_all": {}},
        "filter": {
            "range": {
                "@timestamp": {
                    "from": datetime(2013, 3, 11, 8, 0, 30, tzinfo=paristimezone),
                    "to": datetime(2013, 3, 12, 11, 0, 30, tzinfo=paristimezone)
                }
            }
        },
        "facets": {
            "error": {
                "terms": {"field": "status_code"},
                "facet_filter": {"term": {"server": "testserver01"}}
            }
        }
    })
    print(result['facets'])
And in the ES data, the timestamp field looks like this:

    "@timestamp":"2013-03-12T00:02:29+01:00"

Thanks :)
The filter element in the search API is used to filter query results after the facets have been calculated.

If you want to apply a filter to both the query and the facets, you should use a filtered query instead:
    result = es.get('/_search', data={
        "query": {
            "filtered": {
                "query": {"match_all": {}},
                "filter": {
                    "range": {
                        "@timestamp": {
                            "from": datetime(2013, 3, 11, 8, 0, 30, tzinfo=paristimezone),
                            "to": datetime(2013, 3, 12, 11, 0, 30, tzinfo=paristimezone)
                        }
                    }
                }
            }
        },
        "facets": {
            "error": {
                "terms": {"field": "status_code"},
                "facet_filter": {"term": {"server": "testserver01"}}
            }
        }
    })
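
The difference described in the answer can be reproduced with a small in-memory model, added here as an example that is not part of the original post. It does not talk to Elasticsearch: the log documents are constructed, and the function names and the fixed +01:00 offset (Paris time in March 2013) are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: fixed +01:00 offset (Paris time in March 2013), as in the sample timestamp.
CET = timezone(timedelta(hours=1))
START = datetime(2013, 3, 11, 8, 0, 30, tzinfo=CET)
END = datetime(2013, 3, 12, 11, 0, 30, tzinfo=CET)

# Constructed sample log documents (not taken from the original post).
LOGS = [
    {"@timestamp": "2013-03-10T23:15:00+01:00", "server": "testserver01", "status_code": 500},
    {"@timestamp": "2013-03-11T09:00:00+01:00", "server": "testserver01", "status_code": 200},
    {"@timestamp": "2013-03-12T00:02:29+01:00", "server": "testserver01", "status_code": 404},
    {"@timestamp": "2013-03-12T10:30:00+01:00", "server": "otherserver", "status_code": 500},
    {"@timestamp": "2013-03-13T08:00:00+01:00", "server": "testserver01", "status_code": 200},
]


def in_range(doc, start, end):
    """True when the document's @timestamp lies inside [start, end]."""
    return start <= datetime.fromisoformat(doc["@timestamp"]) <= end


def status_facet(docs, server):
    """Model of the terms facet on status_code with a facet_filter on server."""
    return dict(Counter(d["status_code"] for d in docs if d["server"] == server))


def top_level_filter(docs, start, end, server="testserver01"):
    """Model of the question's request: the facet is computed over all query hits
    (match_all), and the range filter only trims the returned hits afterwards."""
    facet = status_facet(docs, server)
    hits = [d for d in docs if in_range(d, start, end)]
    return hits, facet


def filtered_query(docs, start, end, server="testserver01"):
    """Model of the answer's request: the range filter is part of the query, so
    the facet only sees documents inside the time range."""
    hits = [d for d in docs if in_range(d, start, end)]
    return hits, status_facet(hits, server)


if __name__ == "__main__":
    print("top-level filter:", top_level_filter(LOGS, START, END)[1])
    print("filtered query:  ", filtered_query(LOGS, START, END)[1])
```

Both variants return the same hits, but only the filtered query changes the facet counts when the time range changes, which is why the original request always reported the same totals.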