2

Hi I am having an instance of elastic search running on my machine . it has an index named mep-reports. when i do a query using curl command it is giving an error . the following is the curl command. 

 curl -X GET "10.10.9.1:9200/mep-reports*/_search?pretty&size=0" -H 'Content-Type: application/json' -d'{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "from": "2019-01-31T23:59:59Z",
              "to": "2020-02-17T23:59:59Z",
              "include_lower": true,
              "include_upper": false,
              "format": "yyyy-MM-dd'T'HH:mm:ssZ",
              "boost": 1.0
            }
          }
        },
        {
          "term": {
            "account_id": {
              "value": "270d13e6-2f4f-4d51-99d5-92ffba5f0cb6",
              "boost": 1.0
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1.0
    }
  },
  "aggregations": {
    "performance_over_time": {
      "date_histogram": {
        "field": "@timestamp",
        "format": "yyyy-MM-dd'T'HH:mm:ssZ",
        "interval": "1M",
        "offset": 0,
        "order": {
          "_key": "asc"
        },
        "keyed": false,
        "min_doc_count": 0
      }
    }
  }
}'

Response 
{
  "error" : {
    "root_cause" : [
      {
        "type" : "illegal_argument_exception",
        "reason" : "Invalid format: [yyyy-MM-ddTHH:mm:ssZ]: Illegal pattern component: T"
      }
    ],
    "type" : "illegal_argument_exception",
    "reason" : "Invalid format: [yyyy-MM-ddTHH:mm:ssZ]: Illegal pattern component: T",
    "caused_by" : {
      "type" : "illegal_argument_exception",
      "reason" : "Illegal pattern component: T"
    }
  },
  "status" : 400
}

The following a sample from my elastic search index

{
  "took" : 14,
  "timed_out" : false,
  "_shards" : {
    "total" : 12,
    "successful" : 12,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 1073013,
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "mep-reports-2019.09.11",
        "_type" : "doc",
        "_id" : "68e8e03f-baf8-4bfc-a920-58e26edf835c-353899837500",
        "_score" : 1.0,
        "_source" : {
          "account_id" : "270d13e6-2f4f-4d51-99d5-92ffba5f0cb6",
          "inventory" : "SMS",
          "flight_name" : "test flight 001",
          "status" : "ENROUTE",
          "msg_text" : "Test !!!!!!!!!!!!!!1 elastic searchY",
          "flight_id" : "68e8e03f-baf8-4bfc-a920-58e26edf835c",
          "submission_ts" : "1568197286",
          "recipient" : "353899837500",
          "o_error" : null,
          "nof_segments" : "-1",
          "campaign_id" : "0fae8662-bee9-46ac-9b3e-062f4ba55966",
          "campaign_name" : "Index search petri11",
          "@version" : "1",
          "sender" : "800111",
          "delivery_ts" : "0",
          "@timestamp" : "2019-09-11T10:21:26.000Z"
        }
      }
    ]
  }
}

it something related to date format as i am trying to do a search on @timestamp field really appreciate if you can help

thank you

Improve this question

1 Answer 1

Reset to default
2

The problem is because the JSON query is enclosed into single quotes, i.e. the same characters around the T in your date format.

What I suggest you to do is to store the query inside a file named query.json and then send it in binary-mode like this:

curl -X GET "10.10.9.1:9200/mep-reports*/_search?pretty&size=0" -H 'Content-Type: application/json' --data-binary @query.json

That should solve your issue

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

@Val, if OP were to run his query as is as he was trying, would an escape help? like yyyy-MM-dd\'T\'HH:mm:ssZ
he'd need to double the single quote "yyyy-MM-dd''T''HH:mm:ssZ, i.e. it's two single quotes around the T not a double quote. I personally prefer the binary approach, as it's less error-prone

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.