4

I'm trying to query elastic search for all the logs between two milliseconds timestamps.

When querying Elasticsearch directly via:

curl -XPOST <ElasticSearch> ' -d ' {"query" : { "bool" : { "must" : { "range" : { "received_at" : { "gte" : 1310325395701, "lte" : 1468933745000 } } } } } }'

I obtain the desired result. However, the following query from a Python script returns 0 hits:

res = es.search(index="syslog-*", body={ "query" : { "bool" : { "must" : { "range" : { "received_at" : { "gte" : 1310325395701, "lte" : 1468933745000 } } } } } }, size=6000)

I've also tried this one:

res = es.search(index="syslog-*", body= { "query" : { "range" : { "received_at" : { "gte" : 1310325395701, "lte" : 1468933745000 } } } }, size=6000)

But exactly the same thing happens. Other kinds of queries from the python script do return hits:

res = es.search(index="syslog-*", body={"query": {"match_all": {}}}, size=6000)

Where:

from elasticsearch import RequestsHttpConnection

class MyConnection(RequestsHttpConnection):
def __init__(*args, **kwargs):
    proxies = kwargs.pop('proxies', {})
    super(MyConnection, self).__init__(*args, **kwargs)
    self.session.proxies = proxies

es = Elasticsearch([es_url], connection_class=MyConnection, proxies = {'https': 'http://user:pw@proxy.org:port'})

What am I doing wrong?

Alex
  • 151
  • 11
  • 1
    My spontaneous guess is that the index you're using is wrong. Alternatively, I'd try to eg.get() a document id that you see when curling directly. – Frederick Nord Jul 20 '16 at 08:30
  • 2
    @FrederickNord But the `match_all` query runs fin according to OP, with the same index name. – Maroun Jul 20 '16 at 09:04
  • @FrederickNord thank you both for your replies. Indeed, the match_all query returns hits. I've tried with different indexes as well but still nothing. The curl -XPOST query returns logs when querying that index via: .amazonaws.com/syslog-*/_search – Alex Jul 20 '16 at 09:45
  • 1
    @Alex Please post a reproducible snippet, including the declaration of each variable. – Maroun Jul 20 '16 at 10:25
  • @MarounMaroun I just added the class MyConnection and the declaration of es. Cheers! – Alex Jul 20 '16 at 11:05

0 Answers0