"[geo_distance] malformed query, expected [END_OBJECT] but found [FIELD_NAME]" - elasticsearch

I tried to create a search query for values within a 15m radius and within 3 weeks. I tried to execute this query:
"query": {
"bool": {
"must": {
"match_all": {}
}
, "filter": [
{
"geo_distance": {
"distance": "1000km",
"geoLocation": {
"lat": 31.966467334184614,
"lon": 35.83242623178664
}
}
,
"range": {
"map_date": {
"gte": "now-3w/w",
"lte": "now/w"
}
}
}
]
}}
My date field is: map_date and my geo point field is geoLocation
I get this response :
{
"error" : {
"root_cause" : [
{
"type" : "parsing_exception",
"reason" : "[geo_distance] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line" : 18,
"col" : 8
}
],
"type" : "x_content_parse_exception",
"reason" : "[18:8] [bool] failed to parse field [filter]",
"caused_by" : {
"type" : "parsing_exception",
"reason" : "[geo_distance] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line" : 18,
"col" : 8
}
},
"status" : 400
}
Help me please to figure out what I am doing wrong

Your filter part was malformatted, try:
{
  "query": {
    "bool": {
      "must": {
        "match_all": {}
      },
      "filter": [
        {
          "geo_distance": {
            "distance": "1000km",
            "geoLocation": {
              "lat": 31.966467334184614,
              "lon": 35.83242623178664
            }
          }
        },
        {
          "range": {
            "map_date": {
              "gte": "now-3w/w",
              "lte": "now/w"
            }
          }
        }
      ]
    }
  }
}
In your filter array you list a list of {}; take a look at:
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-filter-context.html

Related

Elasticsearch filter results by field

I'm new to dsl and this seems simple. The code should count total entries by the hour, within the date range specified. I added a bool such that the results should have a field called 'message' which should contain '[success'
GET sample_index/_search
{
"size": 0,
"query": {
"bool": {
"must": [
{
"match": {
"message": "[sucess"
}
}
]
},
"range": {
"timestamp": {
"gte": "2021-01-01",
"lte": "2021-01-10"
}
}
},
"aggs": {
"hit_count_per_day": {
"date_histogram": {
"field": "timestamp",
"calendar_interval": "hour"
}
}
}
}
The error returned is
{
"error" : {
"root_cause" : [
{
"type" : "parsing_exception",
"reason" : "[bool] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line" : 13,
"col" : 5
}
],
"type" : "parsing_exception",
"reason" : "[bool] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line" : 13,
"col" : 5
},
"status" : 400
}
You need to include the range query also in the must clause. Modify your query as shown below
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "message": "[sucess"
          }
        },
        {
          "range": {
            "timestamp": {
              "gte": "2021-01-01",
              "lte": "2021-01-10"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "hit_count_per_day": {
      "date_histogram": {
        "field": "timestamp",
        "calendar_interval": "hour"
      }
    }
  }
}

malformed query, expected "END_OBJECT" but found "FIELD_NAME"

Hello, while running a term query in Kibana console, I am getting a parsing_exception.
Query
GET /products/_search
{
"query": {
"terms": {
"tags.keyword": [ "Soup", "Cake" ]
},
"range": {
"in_stock": {
"gte": 10,
"lte": 20
}
}
}
}
Response/Exception
{
"error" : {
"root_cause" : [
{
"type" : "parsing_exception",
"reason" : "[terms] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line" : 6,
"col" : 5
}
],
"type" : "parsing_exception",
"reason" : "[terms] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line" : 6,
"col" : 5
},
"status" : 400
}
Can anyone tell me why I got this exception and how to solve it?
You need to use boolean query to combine terms and range query. Modify your search query as shown below -
{
  "query": {
    "bool": {
      "must": [
        {
          "terms": {
            "tags.keyword": [
              "Soup",
              "Cake"
            ]
          }
        },
        {
          "range": {
            "in_stock": {
              "gte": 10,
              "lte": 20
            }
          }
        }
      ]
    }
  }
}

unknown query [filtered] when doing search against ES

I am new to ES, and I am using ES 7.10.1, I have following simple search request:
GET /megacorp/_doc/_search
{
"query":{
"filtered":{
"filter":{
"range":{
"age":{
"gt":30
}
}
},
"query":{
"match":{
"last_name":"smith"
}
}
}
}
}
When I run the above query (using query and filter) in the Kibana Dev Tools, an exception occurs as follows. I would ask how to fix this, thanks.
{
"error" : {
"root_cause" : [
{
"type" : "parsing_exception",
"reason" : "unknown query [filtered]",
"line" : 3,
"col" : 14
}
],
"type" : "parsing_exception",
"reason" : "unknown query [filtered]",
"line" : 3,
"col" : 14,
"caused_by" : {
"type" : "named_object_not_found_exception",
"reason" : "[3:14] unknown field [filtered]"
}
},
"status" : 400
}
The filtered query has been deprecated. You should now use the boolean query. Modify your search query as -
{
  "query": {
    "bool": {
      "must": {
        "match": {
          "last_name": "smith"
        }
      },
      "filter": {
        "range": {
          "age": {
            "gt": 30
          }
        }
      }
    }
  }
}

ES plugin query

I am running the following query and getting an error:
Query :
POST /sbl_nmon2019.12.02/_search?size=0
{"query":{
"bool":{
"must" : [{
"range":{"#timestamp":{"gte": "now-30m"}},
"aggs":{"max_cpu" : {"field":"cpu_consumed"}},
"match":{"Server" : "siebeldbnode01"}
}]
}
}}
Error:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 5,
"col": 5
}
],
"type": "parsing_exception",
"reason": "[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 5,
"col": 5
},
"status": 400
}
The objective is to find the max of a numeric field from an index for the last 30 minutes of a specific node.
SY
Your query is not properly formatted, it should look like this instead.
POST /sbl_nmon2019.12.02/_search
{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "#timestamp": {
              "gte": "now-30m"
            }
          }
        },
        {
          "match": {
            "Server": "siebeldbnode01"
          }
        }
      ]
    }
  },
  "aggs": {
    "max_cpu": {
      "max": {
        "field": "cpu_consumed"
      }
    }
  }
}
MUST attribute values should be separate objects.
Correct format:
POST /sbl_nmon2019.12.02/_search?size=0
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "Server": "siebeldbnode01"
          }
        },
        {
          "range": {
            "#timestamp": {
              "gte": "now-30m"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "max_cpu": {
      "max": {
        "field": "cpu_consumed"
      }
    }
  }
}
Wrong Format:
"must" : [{
"range":{"#timestamp":{"gte": "now-30m"}},
"aggs":{"max_cpu" : {"field":"cpu_consumed"}},
"match":{"Server" : "siebeldbnode01"}
}]

How can I apply match and range in the query DSL in elasticsearch

I want to use the match and range, my body in the query is:
{
"query": {
"match" : {
"netscaler.ipadd" : "192.68.2.39"
},
"range": {
"#timestamp": {
"gte":"2015-08-04T11:00:00",
"lt":"2015-08-04T12:00:00"
}
}
},
"aggs" : {
"avg_grade" : {
"avg" : { "field" : "netscaler.stat.system.memusagepcnt" }
}
}
}
and elasticsearch responds with:
{
"error": {
"root_cause": [{
"type": "parsing_exception",
"reason": "[match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 6,
"col": 7
}],
"type": "parsing_exception",
"reason": "[match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 6,
"col": 7
},
"status": 400
}
I need to know which is the best way or the correct way to do that.
If you have multiple queries you probably should wrap them inside a bool query:
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "netscaler.ipadd": "192.68.2.39"
          }
        },
        {
          "range": {
            "#timestamp": {
              "gte": "2015-08-04T11:00:00",
              "lt": "2015-08-04T12:00:00"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "avg_grade": {
      "avg": {
        "field": "netscaler.stat.system.memusagepcnt"
      }
    }
  }
}
More info in the docs
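
The "expected [END_OBJECT] but found [FIELD_NAME]" errors above share one cause: an object that may hold a single query type holds several keys. The linter below is an added example, not code from any of the posts or from Elasticsearch; the names lint_query and lint_body are made up here, it only descends into bool clauses, and the two sample bodies are the first question's request and its fix, compacted.

```python
import json

# bool clauses whose values are a query object or a list of query objects
BOOL_CLAUSES = ("must", "filter", "should", "must_not")


def lint_query(node, path="query"):
    """Return a list of problems for one query object and its bool children."""
    if not isinstance(node, dict):
        return [f"{path}: expected an object, got {type(node).__name__}"]
    problems = []
    if len(node) != 1:
        # This is the shape the parser rejects: after the first query type
        # it expects the object to end, but finds another field name.
        problems.append(
            f"{path}: expected exactly one query type per object, "
            f"found {sorted(node)}"
        )
    bool_body = node.get("bool")
    if isinstance(bool_body, dict):
        for clause in BOOL_CLAUSES:
            value = bool_body.get(clause)
            if isinstance(value, list):
                for i, child in enumerate(value):
                    problems += lint_query(child, f"{path}.bool.{clause}[{i}]")
            elif value is not None:
                problems += lint_query(value, f"{path}.bool.{clause}")
    return problems


def lint_body(body_text):
    """Parse a search request body and lint its top-level "query"."""
    body = json.loads(body_text)
    return lint_query(body["query"]) if "query" in body else []


# Sample bodies taken from the first question and its answer, compacted.
BROKEN = """{"query": {"bool": {"must": {"match_all": {}}, "filter": [
  {"geo_distance": {"distance": "1000km",
     "geoLocation": {"lat": 31.966467334184614, "lon": 35.83242623178664}},
   "range": {"map_date": {"gte": "now-3w/w", "lte": "now/w"}}}
]}}}"""
FIXED = """{"query": {"bool": {"must": {"match_all": {}}, "filter": [
  {"geo_distance": {"distance": "1000km",
     "geoLocation": {"lat": 31.966467334184614, "lon": 35.83242623178664}}},
  {"range": {"map_date": {"gte": "now-3w/w", "lte": "now/w"}}}
]}}}"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_body(text) or "ok")
```

The same check flags the terms/range and match/range requests in the other questions at the path "query", because there the extra key sits directly under "query".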
