gistfile1.txt

Hi,

Hoping that someone could help....

This is my query:

body: {
"query"=> {
"filtered"=> {
"filter"=> {
"bool"=> {
"must"=> [
{"term"=> {status=> 500}}, 
{"term"=> {"type"=> "iis6"}}, 
"range"=> {
"@timestamp"=> {
"gt"=> "now-2h" 
}
}
]
}
}
}
},
"aggs"=> {
"0"=> {
"date_histogram"=> {
"field"=> "@timestamp",
"interval"=> "2h"
}
}
},
"size"=> 0
}
This runs against the current index(logstash-2015.06.17) and produces the anticipated value which is fine.

I'm constructing a dashboard of metrics comparing values against values from 24 hours ago but haven't been able to find these previous values. This is the query that I have used (I am running this query against the previous day's index which is logstash-2015.06.16...)

body: {
"query"=> {
"filtered"=> {
"filter"=> {
"bool"=> {
"must"=> [
{"term"=> {status=> 500}}, 
{"term"=> {"type"=> "iis6"}}, 
"range"=> {
"timestamp"=> {
"gt"=> "2015-06-16 09:48:00",
"lt"=> "2015-06-16 07:48:00 
}
}
]
}
}
}
},
"aggs"=> {
"0"=> {
"date_histogram"=> {
"field"=> "timestamp",
"interval"=> "hour"
}
}
},
"size"=> 0
}

and have received the value of 0 hits when I know that data exists in this time period.

Can you please show me the correct way to construct this query? I'm new to Elasticsearch...