How to combine query_string and range of timestamp in elasticsearch

Time: 2017-08-04 13:09:13

Tags: python elasticsearch

I have two queries. One searches in logmessage and the second in a range of timestamp.

query = {
    "query": {
        "query_string" : {
            "query" : "logmessage:test"
        }
    }
}

and

query = {
    "query": {
        "range" : {
            "@timestamp" : {
                "lte" : "2017-08-04"
            }
        }
    }
}

How can I create one with both options? I tried this:

    query = {
        "query": {
            "query_string" : {
                "query" : "logmessage:test"
            },
            "range" : {
                "@timestamp" : {
                    "gte" : "2017-08-04",
                    "lte" : "now"
                }
            }
        }
    }

but with no success. There is some 400 error because of bad syntax, I guess.

1 answer:

Answer 0 (score: 1)

You are looking for a bool query: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-bool-query.html. You can use the should, must, must_not and filter clauses to combine multiple queries into one:

{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "lte": "2017-08-04"
            }
          }
        },
        {
          "query_string": {
            "query": "logmessage:test"
          }
        }
      ]
    }
  }
}
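The combined query above, built in Python as an added example (not part of the original question or answer). The helper names `escape_term` and `build_log_query` are hypothetical; the range goes in the `filter` clause, which matches like `must` but does not affect scoring and can be cached, and the search term is escaped so that text taken from a user cannot change the structure of the `query_string` expression.

```python
import json
import re
from datetime import date

# Characters and sequences with special meaning in query_string syntax.
_RESERVED = re.compile(r'([+\-=!(){}\[\]^"~*?:\\/]|&&|\|\|)')


def escape_term(term):
    """Backslash-escape query_string reserved characters in a search term.

    Operator words (AND, OR, NOT) and whitespace are not handled here.
    """
    # '<' and '>' cannot be escaped in query_string, so they are removed.
    term = term.replace("<", "").replace(">", "")
    return _RESERVED.sub(r"\\\1", term)


def build_log_query(field, term, gte=None, lte=None):
    """Combine a query_string match on `field` with an @timestamp range."""
    bounds = {}
    for key, value in (("gte", gte), ("lte", lte)):
        if value is None:
            continue
        if value != "now":
            date.fromisoformat(value)  # raises ValueError on a malformed date
        bounds[key] = value
    bool_query = {
        "must": [{"query_string": {"query": f"{field}:{escape_term(term)}"}}]
    }
    if bounds:
        # Filter context: restricts the hits without contributing to the score.
        bool_query["filter"] = [{"range": {"@timestamp": bounds}}]
    return {"query": {"bool": bool_query}}


if __name__ == "__main__":
    # Constructed sample input: the question's term and time window.
    body = build_log_query("logmessage", "test", gte="2017-08-04", lte="now")
    print(json.dumps(body, indent=2))
```

The returned dict can be passed as the request body of a search call or serialized with `json.dumps`.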