'Date Ranges in Elastic Search 8.1

I have indexed data in the below format.

{
  "_index": "product",
  "_id": "1",
  "_score": 1.0,
  "_source": {
    "product_id": "P01",
    "product_type": "P1",
    "updated_date": "2022-12-21-12-55-58"
  }
}

I need to filter documents based on a date range.

I have written the following query for ranges.

{
  "query": {
    "bool": {
      "filter": [
        { "match": { "product_type": "P1" } },
        {
          "range": {
            "updated_date": {
              "gte": "2022-12-25-12-55-58",
              "lte": "2022-12-30-12-55-58"
            }
          }
        }
      ]
    }
  }
}

I am not getting proper output, ideally, it should not allow date ranges before 2022-12-25-12-55-58, but I am getting all of them.

Please suggest to me what improvement can be done in order to filter date ranges. (Time Stamps).

Thanks in advance.

elk


Solution 1:[1]

Given your dates don't have the standard ISO8601 format, I think they have been indexed as text instead and hence range queries don't work the way you expect, i.e. they filter in a lexicographical way instead of chronological.

You have a few options to fix this:

A. you can reindex your data with a proper date format

B. you can reindex your data with the same format, but you can first modify your mapping to this:

"updated_date": {
    "type": "date",
    "format": "yyyy-MM-dd-HH-mm-ss"
}

C. You don't want to reindex all your data, but you are allowed to add a date sub-field to your existing updated_date with the proper format field and then you can simply update your index:

PUT yourindex/_mapping
{
  "properties": {
    "updated_date": {
        "type": "text",
        "fields": {
           "date": {
              "type": "date",
              "format": "yyyy-MM-dd-HH-mm-ss"
           }
        }
    }
  }
}

Then run this to update all your documents:

POST yourindex/_update_by_query?wait_for_completion=false

When this task is done, you'll be able to run your query on the new sub-field

      "range": {
        "updated_date.date": {
          "gte": "2022-12-25-12-55-58",
          "lte": "2022-12-30-12-55-58",
          "format": "yyyy-MM-dd-HH-mm-ss"
        }
      }

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Val

Related Questions

"curl: (52) Empty reply from server" / timeout when querying ElastiscSearch

Efficient way to retrieve all _ids in ElasticSearch

How to disable SSL verification for Elasticsearch RestClient v6.7.0 in Java

How to watch the logstash log?

elastic search, is it possible to update nested objects without updating the entire document?

ElasticSearch Aggregation over Top Hits

Kibana server is not ready yet

Kibana server is not ready yet

Any way(plugin) to parse kibana query syntax to elasticsearch api body?

Elastic search with Google Big Query

Can not run Elastic Search on ubuntu (Error opening log file)

Is it possible to filter records of one index from another index in elasticsearch query?

Can We Retrieve Previous _source Docs with Elastic Search Versions

Sort multi-bucket aggregation by source fields inside inner multi-bucket aggregation

How to get latest document in elastic search