How to fix the error "failed to parse date field " in Elasticsearch

Question

I tried to do a query in Elasticsearch via python. I want to get all values in the last one hour from now. For this I wrote this script:

import time
from elasticsearch import Elasticsearch
from datetime import datetime, timedelta

es = Elasticsearch()
index = "standalone"

filename = "2017-12-22V2.csv"

Timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
one_hour_from_now = datetime.now() - timedelta(hours=1)
one_hour_from_now = one_hour_from_now.strftime('%Y-%m-%d %H:%M:%S')


query = {"query":{"bool":{"must":{"range":{"Time":{"gt":one_hour_from_now,"lt":Timestamp}}},"must_not":[],"should":[]}},"from":0,"size":10,"sort":[],"aggs":{}}


ret = es.search(index, body=query)
print("ret", ret)

When I execute it I get this error:

 es.search exception:  TransportError(400, 'search_phase_execution_exception', 'failed to parse date field [2018-02-12 15:50:26] with format [strict_date_optional_time||epoch_millis]')

This is the structure of my ES index:

Can someone help me please

Thank you

Answer 1

From the documentation it seems that you have fail the format date. According to your screenshot, your data is in this format:

yyyy-MM-dd'T'HH:mm:ss

According to the documentation this format is

date_hour_minute_second or strict_date_hour_minute_second

With datetime library in python you have shaped your date format in this way:

yyyy-MM-dd HH:mm:ss

Try to convert in the range query the strict_date_optional_time - the default date format in es, used in your date field according to the structure of your es index - with the format clause and cast it with the value yyyy-MM-dd HH:mm:ss

or change you line code:

one_hour_from_now = one_hour_from_now.strftime('%Y-%m-%d %H:%M:%S')

in

one_hour_from_now = one_hour_from_now.strftime("%Y-%m-%d"'T'"%H:%M:%S")

and don't specify a format in the query or specify the correct one