0

In Elastic-search range query , timestamp is in this 2019-08-28T08:57:04.749Z formate, when execute the following query it throws a error "Unrecognized chars at the end of [2019-08-28T08:57:04.749Z- 1h]. how can we minus 1 hr in lte value?

  {
 "query": {
 "range" : {
    "@timestamp" : {
        "gte": "2015-03-20T01:21:00.01Z", 
        "lte": "2015-03-20T01:12:00.04Z-1h"

      }
   }
 }
Improve this question

1 Answer 1

Reset to default
2

The right way to do it is by adding a double pipe, like this:

{
 "query": {
 "range" : {
    "@timestamp" : {
        "gte": "2015-03-20T01:21:00.01Z", 
        "lte": "2015-03-20T01:12:00.04Z||-1h"

      }
   }
 }

However, you should note that your query won't return anything, because the to date is earlier than the from date.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

i set the from date but stil no result
Can you tell which bounds you're now using and also show a document that you think should match?
Try with gte: timestamp - "||1h"
Sorry, forgot the minus sign: gte: timestamp + "||-1h"
which is now correct, right? i.e. you'd get all documents from the past hour before 08:57:04.749Z
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.