Solution:Step 1: Analyze the bool query with must clausesBoth conditions must be true: host equals 'server1' and timestamp within last hour.Step 2: Understand the range filter on @timestampRange with gte 'now-1h' filters documents from the last hour.Final Answer:All metrics from 'server1' in the las

[Solved] Given this query:GET /metrics/_search { "query": { "bool": { "must": [ { "match": { "host": "server1" } }, { "range": { "@timestamp": { "gte": "now-1h" } } } ] } } }What does this query return? | Elasticsearch

Elasticsearch - ELK Stack Integration

Given this query:

GET /metrics/_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "host": "server1" } },
        { "range": { "@timestamp": { "gte": "now-1h" } } }
      ]
    }
  }
}

What does this query return?

AAll metrics from 'server1' in the last hour

BAll metrics from all hosts older than 1 hour

COnly documents with missing host field

DAn error due to invalid query syntax

Step-by-Step Solution

Solution:

Step 1: Analyze the bool query with must clauses
Both conditions must be true: host equals 'server1' and timestamp within last hour.
Step 2: Understand the range filter on @timestamp
Range with gte 'now-1h' filters documents from the last hour.
Final Answer:
All metrics from 'server1' in the last hour -> Option A
Quick Check:
Bool must with host and time = All metrics from 'server1' in the last hour [OK]

Quick Trick: Bool must means all conditions must match [OK]

Common Mistakes:

MISTAKES

Misreading range as older than 1 hour
Ignoring the host match condition
Assuming syntax error without checking structure

Master "ELK Stack Integration" in Elasticsearch

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More Elasticsearch Quizzes

Given this query:

Step 1: Analyze the bool query with must clauses

Step 2: Understand the range filter on @timestamp

Final Answer:

Quick Check:

Want More Practice?