15

I tried to do a query in Elasticsearch via python. I want to get all values in the last one hour from now. For this I wrote this script:

import time
from elasticsearch import Elasticsearch
from datetime import datetime, timedelta

es = Elasticsearch()
index = "standalone"

filename = "2017-12-22V2.csv"

Timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
one_hour_from_now = datetime.now() - timedelta(hours=1)
one_hour_from_now = one_hour_from_now.strftime('%Y-%m-%d %H:%M:%S')


query = {"query":{"bool":{"must":{"range":{"Time":{"gt":one_hour_from_now,"lt":Timestamp}}},"must_not":[],"should":[]}},"from":0,"size":10,"sort":[],"aggs":{}}


ret = es.search(index, body=query)
print("ret", ret)

When I execute it I get this error:

 es.search exception:  TransportError(400, 'search_phase_execution_exception', 'failed to parse date field [2018-02-12 15:50:26] with format [strict_date_optional_time||epoch_millis]')

This is the structure of my ES index: Elasticsearch structure

Can someone help me please

Thank you

Improve this question
0

1 Answer 1

Reset to default
14

From the documentation it seems that your date format is wrong. According to your screenshot, your data is in this format:

yyyy-MM-dd'T'HH:mm:ss

According to the documentation this format is

date_hour_minute_second or strict_date_hour_minute_second

With datetime library in python you have shaped your date format in this way:

yyyy-MM-dd HH:mm:ss

Try to convert in the range query the strict_date_optional_time - the default date format in es, used in your date field according to the structure of your es index - with the format clause and cast it with the value yyyy-MM-dd HH:mm:ss:

query = {"query":{"bool":{"must":{"range":{"Time":{"gt":one_hour_from_now,"lt":Timestamp, "format": "yyyy-MM-dd HH:mm:ss"}}},"must_not":[],"should":[]}},"from":0,"size":10,"sort":[],"aggs":{}}

or change you line code:

one_hour_from_now = one_hour_from_now.strftime('%Y-%m-%d %H:%M:%S')

in

one_hour_from_now = one_hour_from_now.strftime("%Y-%m-%d"'T'"%H:%M:%S")

and don't specify a format in the query or specify the correct one

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.