1

I'm trying to get results of an index by sending a GET HTTP call from Postman, for both a date range and a field ("log_type") which I added manually.

So for now I'm able to get the results when I query them individually, such as:

Date Range: http://localhost:9200/dialog_test/_search?q=timestamp:[2016-08-05+TO+2016-08-06]

log_type: http://localhost:9200/dialog_test/_search?q=log_type:GetProvisioning%20SUCCESS

In the URL above (log_type), GetProvisioning Success is a log_type.

So what I wanted to know is, how can I combine both of them into a single query in order to identify what the results are between a certain date range and with a specific log_type?

Any help would be appreciated

Kulasangar

2 Answers

5

You can use AND and OR boolean conjunctions per query strings. In your case, you can do something like:

curl -g 'http://localhost:9200/dialog_test/_search?q=timestamp:[2016-08-05+TO+2016-08-06]+AND+log_type:GetProvisioning+SUCCESS'
rchang
  • 2
    Be careful mixing `%20` and `+` in the same URL, that can have undesired effects. Pick one and stick with it – Val Sep 13 '16 at 13:02
  • @rchang thank you it works. Just one clarification, is it better to encode the space or leave it with the + ? – Kulasangar Sep 13 '16 at 13:10
  • 1
    @Kulasangar My personal habit is to default to `%20`, but that is more or less an arbitrary decision on my part. [This SO question](http://stackoverflow.com/questions/1634271/url-encoding-the-space-character-or-20) has more in-depth discussion on it. – rchang Sep 13 '16 at 14:01
0

Also, you could use the source query string parameter in order to pass the body directly in the URL. For example:

http://localhost:9200/my_index/_search?source={"query": {"match_all": {}},"size": "1","sort": [{"@timestamp": {"order": "desc"}}]}
Sab
  • you also need to include the type, for example: `/_search?source_content_type=application/json&source=......` – YoniXw Jul 22 '19 at 10:03
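
Both approaches from the answers above, built programmatically so that spaces are encoded one way only (`%20`). This is an added example, not code from either answer; the helper names `q_url` and `source_url` are hypothetical, and it assumes the whole two-word value should match `log_type`, so it quotes it as a phrase:

```python
import json
from urllib.parse import quote, urlencode

# Host and index taken from the question.
BASE = "http://localhost:9200/dialog_test/_search"


def q_url(start, end, log_type):
    """URI search: date range AND field value in a single q= parameter."""
    # Escape backslashes and quotes so the value stays inside the phrase
    # (assumption: log_type should match the complete value).
    phrase = log_type.replace("\\", "\\\\").replace('"', '\\"')
    q = f'timestamp:[{start} TO {end}] AND log_type:"{phrase}"'
    # safe='' percent-encodes everything reserved: a space becomes %20 and a
    # literal '+' becomes %2B, so the two can never be confused on the server.
    return f"{BASE}?q={quote(q, safe='')}"


def source_url(start, end, log_type):
    """Same filter as a JSON body passed through the source= parameter."""
    body = {"query": {"bool": {"must": [
        # [a TO b] in the query string is inclusive, hence gte/lte here.
        {"range": {"timestamp": {"gte": start, "lte": end}}},
        {"match_phrase": {"log_type": log_type}},
    ]}}}
    params = {
        # Content type parameter, as pointed out in the last comment.
        "source_content_type": "application/json",
        "source": json.dumps(body, separators=(",", ":")),
    }
    return f"{BASE}?{urlencode(params, quote_via=quote)}"


if __name__ == "__main__":
    # Values from the question.
    print(q_url("2016-08-05", "2016-08-06", "GetProvisioning SUCCESS"))
    print(source_url("2016-08-05", "2016-08-06", "GetProvisioning SUCCESS"))
```

Because the URLs are fully percent-encoded, they can be pasted into Postman or passed to curl inside single quotes without the brackets being treated as a glob.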