What is the difference between using now and the date itself in Open Search?

Question

Currently I'm trying to get all the data inserted in a database since last day, so, I would like to see if yesterday (30/03) or today (31/03) any data has beed inserted in the database and I have a entry_dt field where I insert the entry date for my registers. Currently I'm using this query:

GET my_index/_search
{
  "size": 0,
  "aggs": {
    "number_of_bytes": {
      "date_range": {
        "field": "entry_dt",
        "format": "yyyy-MM-dd",
        "ranges":
        [
          {
            "from": "now-1d/d",
            "to": "now"
          }
        ]
      }
        }
  }
}

The result is 11662 documents, but when I change from and to to "2022-03-30" and "2022-03-31" I get a different result: 11131 documents, and If i change the from and to to now-1d and now I get a different result again: 1108.

I'm confused about what is the true result to get the total of documents inserted since yesterday.

Answer 1

Field values in ES are timestamps, not dates so your queries are "translated" into (let's assume query runs on 2022-03-31 14:30:00):

• now-1d/d to now -> 2022-03-30 00:00:00 to 2022-03-31 14:30:00
• 2022-03-30 to 2022-03-31 -> 2022-03-30 00:00:00 to 2022-03-31 00:00:00
• now-1d to now -> 2022-03-30 14:30:00 to 2022-03-31 14:30:00