Skip to content

Instantly share code, notes, and snippets.

@icecrime

icecrime/cant_even.md

Last active August 29, 2015 14:27
Show Gist options
  • Save icecrime/6440ecd2770a1a97dc4e to your computer and use it in GitHub Desktop.
Save icecrime/6440ecd2770a1a97dc4e to your computer and use it in GitHub Desktop.
Download ZIP
Elastic Search bug?
Raw
cant_even.md

A document is indexed with what seems to be a proper timestamp:

# curl elasticsearch:9200/[redacted]/[redacted]/[redacted]?fields=_timestamp | jq .
{
  "_index": "[redacted]",
  "_type": "[redacted]",
  "_id": "[redacted]",
  "_version": 1,
  "found": true,
  "fields": {
    "_timestamp": 1439673273000
  }
}

Query with a date range:

# cat out
{
  "size": 0,
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "analyze_wildcard": true,
          "query": "*"
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "_timestamp": {
                  "gte": 1439660028476,
                  "lte": 1439674428476
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }
  }
}

No result:

# curl -XGET elasticsearch:9200/[redacted]/[redacted]/_search -d @out
{
  "took": 3,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 0,
    "max_score": 0,
    "hits": []
  }
}

Relevant timestamps:

  • Query lower bound 1439660028476 (Sat, 15 Aug 2015 17:33:48 GMT)
  • Query upper bound 1439674428476 (Sat, 15 Aug 2015 21:33:48 GMT)
  • Document timestamp 1439673273000 (Sat, 15 Aug 2015 21:14:33 GMT)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment