Elasticsearch: 'gt' gives unexpected results.

Created on 17 Jun 2019  路  3Comments  路  Source: elastic/elasticsearch

Elasticsearch version: 7.0.0

OS version (uname -a if on a Unix-like system):
Linux 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Description of the problem including expected versus actual behavior:
The elasticsearch query,

GET my_index*/_search
{
  "query":                                 
    {"range": {"timestamp": {"gt": "now-1M"}}}
}

returns,

{
  "took" : 923,
  "timed_out" : false,
  "_shards" : {
    "total" : 14,
    "successful" : 14,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 0,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  }
}

Returns zero hits, but if i do change the range to "now-2w" it returns hits. this is quite strange! and the relation too is specified as 'eq' rather than 'gt' in above response.

it works well with 'gte' though.

Steps to reproduce:

  1. Try to query data for different time periods (week, month) using console with 'gt' parameter on elasticsearch 7.0.0. For some time periods, it'll return zero hits and 'relation' as 'eq' even though there's data for that time period in elasticsearch.

I don't see any errors in elasticsearch logs. (Discover tab in Kibana shows proper results as expected)

:SearcSearch >bug
Source
picture Sanjaygk

Most helpful comment

Thanks for reporting @Sanjaygk. This is an actual bug that was introduced with the move to Java Time. The logic that we apply to exclude rounded values (now/M) is also applied to simple operation like now-1M in the Java date math parser. So instead of adding 1ms to get the values greater than now-1M we also add 1M to the result of the operation. I opened https://github.com/elastic/elasticsearch/pull/43303 to restore the original behavior.

picture jimczi on 18 Jun 2019
👍2

All 3 comments

Pinging @elastic/es-search

elasticmachine picture elasticmachine on 17 Jun 2019

Relates https://discuss.elastic.co/t/search-api-returns-zero-hits/185963 /cc @henningandersen.

This behaviour looks to be deliberate, although I will admit that I find it surprising too. The gt vs gte applies to the _integer_ number of time periods added or subtracted, so "gt": "now-2w" means the same as "gte": "now-1w" and, crucially, only returns hits from the last 7 days. Similarly, "gt": "now-1M" means the same as "gte": "now-0M" and thus does not return any hits from the past at all.

Labelling this for team discussion in case my confusion here is misplaced.

DaveCTurner picture DaveCTurner on 17 Jun 2019

Thanks for reporting @Sanjaygk. This is an actual bug that was introduced with the move to Java Time. The logic that we apply to exclude rounded values (now/M) is also applied to simple operation like now-1M in the Java date math parser. So instead of adding 1ms to get the values greater than now-1M we also add 1M to the result of the operation. I opened https://github.com/elastic/elasticsearch/pull/43303 to restore the original behavior.

jimczi picture jimczi on 18 Jun 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

clintongormley picture clintongormley  路  3Comments
Praveen82 picture Praveen82  路  3Comments
rjernst picture rjernst  路  3Comments
ttaranov picture ttaranov  路  3Comments
martijnvg picture martijnvg  路  3Comments