0

I want to extract the following sql query to elasticsearch.

Select * 
from someTable
Where @timestamp < some_date and @timestamp >= some_other_date
and dst != '-'

And then do some aggregations on the returned documents. The aggregations part I have figured it out, and works perfectly. But I don't get the documents filtered properly. I tried the following query but I get doc's with dst = '-' which are in turns computed in the aggregations.

The query 

"query": {                              
    "bool": {
        "must_not": {
            "term": {
                "dst": '-'
            }
        }, 
        "filter":{
            "range":{
                "@timestamp":{
                    "gte":"a date",
                    "lt": "another date"
                }
            }
        }
    }   
}

Am I doing something wrong. I set the size to 0 because I am using aggregations (not shown in here). Elasticsearch ver2.4 and python elasticsearch library.

I know it's not working because the aggregations results contain values from documents that dst is '-"

Improve this question
2
  • How are you sending your query? Also what is the mapping of your dst field? Commented Oct 5, 2016 at 9:58
  • sending the query via the python elasticsearch client with an aggregations query. the dst field is analzyed. Could that be the fault? Is the logic of the query correct? Commented Oct 5, 2016 at 10:03

1 Answer 1

Reset to default
1

This field should not be analyzed, as it analyzer removes - char from field in index.

If you need this field to be analyzed for an other reason use multi-fields. https://www.elastic.co/guide/en/elasticsearch/reference/current/multi-fields.html

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I had a feeling this was the problem? Is the query correct? Does it correspond to the SQL query written on my post?
If you fix index mapping with not_analyzed it should work.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.