I am getting a reason": "[query] query malformed, no start_object after query name" error, not sure why.
The query is meant to grab the difference between two date fields and calculate average of all the results, I believe this should work but it may not work.
Any help would be greatly appreciated.
I am on elastic version 5.6.12
query below:
POST index_my.test/_search
{
"size":10,
"query": {
"bool": {
"must": [
{
"query":
"match_all": {}
}
}
]
}
"filter": {
"and": [
{
"exists": {
"field": "activity.timeline.found"
}
}
{
"exists": {
"field": "activity.timeline.sent"
}
}
]
},
"aggs": {
"avg_timedifference": {
"avg": {
"script" : "Math.ceil(doc['activity.timeline.found'].value - doc['activity.timeline.sent'].value)"
}
}
}
}
You forgot a comma before "filter". Try this:
POST index_my.test/_search
{
"size":10,
"query": {
"bool": {
"must": [
{
"query":
"match_all": {}
}
}
]
},
"filter": {
"and": [
{
"exists": {
"field": "activity.timeline.found"
}
}
{
"exists": {
"field": "activity.timeline.sent"
}
}
]
},
"aggs": {
"avg_timedifference": {
"avg": {
"script" : "Math.ceil(doc['activity.timeline.found'].value - doc['activity.timeline.sent'].value)"
}
}
}
}
Related
Can somebody explain me please what is wrong with this query? I need to convert this generated query from Elasticsearch 2 to Elasticsearch 6. In ES2 this one works well, but in ES6 it throws me an error: [or] query malformed, no start_object after query name. I am lost in it. OR is necessary cause there could be more conditions than this one.
{
"query": {
"bool": {
"filter": {
"or": [
{
"nested": {
"path": "zalozcovia",
"query": {
"bool": {
"filter": [
{
"match": {
"zalozcovia.meno": "\u013dubo\u0161"
}
},
{
"match": {
"zalozcovia.priezvisko": "Majgot"
}
},
{
"match": {
"zalozcovia.mesto": "Trnava"
}
}
]
}
}
}
}
]
}
}
},
"size": 20,
"sort": [
{
"rok": "desc"
},
{
"cislo": "desc"
}
]
}
Thanks.
In ES6 there is afaik no "OR" Query (https://www.elastic.co/guide/en/elasticsearch/reference/6.4/query-dsl-or-query.html). You should use a bool query and use there the "should" Part (https://www.elastic.co/guide/en/elasticsearch/reference/6.4/query-dsl-bool-query.html).
{
"query": {
"bool": {
"filter": [{
"bool": {
"should": [{
"nested": {
"path": "zalozcovia",
"query": {
"bool": {
"filter": [{
"match": {
"zalozcovia.meno": "\u013dubo\u0161"
}
},
{
"match": {
"zalozcovia.priezvisko": "Majgot"
}
},
{
"match": {
"zalozcovia.mesto": "Trnava"
}
}
]
}
}
}
}]
}
}]
}
},
"size": 20,
"sort": [{
"rok": "desc"
},
{
"cislo": "desc"
}
]
}
Try changing "filter-or" with should
{
"query": {
"bool": {
"should" : [
{
"nested": {
"path": "zalozcovia",
"query": {
"bool": {
"filter": [
{
"match": {
"zalozcovia.meno": "\u013dubo\u0161"
}
},
{
"match": {
"zalozcovia.priezvisko": "Majgot"
}
},
{
"match": {
"zalozcovia.mesto": "Trnava"
}
}
]
}
}
}
}
]
}
},
"size": 20,
"sort": [
{
"rok": "desc"
},
{
"cislo": "desc"
}
]
}
We have some employees and needed to find those we haven't entered their birthday or are born before 3/1/1963:
{
"query": {
"bool": {
"should": [
{
"bool": {
"must_not": [{ "exists": { "field": "birthday" } }]
}
},
{
"bool": {
"filter": [{ "range": {"birthday": { "lte": 19630301 }} }]
}
}
]
}
}
}
We now need to get distinct names...we only want 1 Jason or 1 Susan, etc. How do we apply a distinct filter to the "name" field while still filtering for the birthday as above? I've tried:
{
"query": {
"bool": {
"should": [
{
"bool": {
"must_not": [
{
"exists": {
"field": "birthday"
}
}
]
}
},
{
"bool": {
"filter": [
{
"range": {
"birthday": {
"lte": 19630301
}
}
}
]
}
}
]
}
},
"aggs": {
"uniq_gender": {
"terms": {
"field": "name"
}
}
},
"from": 0,
"size": 25
}
but just get results with duplicate Jasons and Susans. At the bottom it will show me that there are 10 Susans and 12 Jasons. Not sure how to get unique ones.
EDIT:
My mapping is very simple. The name field doesn't need to be keyword...can be text or anything else as it is just a field that just gets returned in the query.
{
"mappings": {
"birthdays": {
"properties": {
"name": {
"type": "keyword"
},
"birthday": {
"type": "date",
"format": "basic_date"
}
}
}
}
}
Without knowing your mapping, I'm guessing that your field name is not analyzed and able to be used on terms aggregation properly.
I suggest you, use filtered aggregation:
{
"aggs": {
"filtered_employes": {
"filter": {
"bool": {
"must": [
{
"bool": {
"must_not": [
{
"exists": {
"field": "birthday"
}
}
]
}
},
{
"range": {
"birthday": {
"lte": 19630301
}
}
}
]
}
},
"aggs": {
"filtered_employes_by_name": {
"terms": {
"field": "name"
}
}
}
}
}
}
In other hand your query is not correct your applying a should bool filter. Change it by must and the aggregation will return only results from employes with (missing birthday) and (born before date).
Filtered Query query not working in elastic search. It gives a error Query Parsing exception with filter malformed, no field after start_object
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool": {
"must": [],
"should": [
{
"_expires": null
},
{
"_expires": {
"gte": 1433947304884
}
}
],
"must_not": [
{
"term": {
"age": 19
}
}
]
}
}
}
},
"size": 10,
"from": 0
}
Can somebody help me with this?
Your shoulds should be actually using a filter. For yours you have "_expires": null. This is not a filter.
For example, try:
{
"missing": {
"field": "_expires"
}
},
{
"range": {
"_expires": {
"gte": 1433947304884
}
}
}
I'm trying to create a script field that will calculate a time difference between two timestamps and then aggregate an avg on that script field.
I first tried:
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"and": [
{
"exists": {
"field": "time.new_time"
}
},
{
"exists": {
"field": "time.first_alert_time"
}
}
]
}
}
},
"script_fields": {
"timedifference": {
"script": "doc['time.new_time'].value - doc['time.first_alert_time'].value"
}
},
"aggs": {
"avg_timedifference": {
"avg": {
"field" : "timedifference"
}
}
}
}
Which resulted in null value under the aggregated avg avg_timedifference.
Then I tried:
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"and": [
{
"exists": {
"field": "time.new_time"
}
},
{
"exists": {
"field": "time.first_alert_time"
}
}
]
}
}
},
"script_fields": {
"timedifference": {
"script": "doc['time.new_time'].value - doc['time.first_alert_time'].value"
}
},
"aggs": {
"avg_timedifference": {
"avg": {
"script" : "doc['timedifference'].value"
}
}
}
}
Which generated an error message saying: "No field found for [timedifference] in mapping"
How about simply moving the script to the aggregation?
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"and": [
{
"exists": {
"field": "time.new_time"
}
},
{
"exists": {
"field": "time.first_alert_time"
}
}
]
}
}
},
"aggs": {
"avg_timedifference": {
"avg": {
"script" : "Math.ceil(doc['time.new_time'].value - doc['time.first_alert_time'].value)"
}
}
}
}
it's telling me there's No query registered for [custom_filters_score]];
here's my code in basic form:
"query": {
"custom_filters_score": {
"query": {
"match_all": {}
},
"filters": [
{
"filter": {
"exists": {
"field": "salesrank"
}
}
,"script": "1 / doc['salesrank'].value"
}
]
}
}
}
EDIT:
the only thing i've noticed that works is to put another query after the first 'query' and before 'custom_filters_score'. this then leaves me with two queries - not sure what to do with them both however, and the documentation does not indicate this. :(
i also have to get rid of the 'filters' array and only use a 'filter' object. so, the only thing i've found to work is something like this:
{
"query": {
"match_all": {},
"custom_filters_score": {
"query": {
"match_all": {}
},
"filter": {
"exists": {
"field": "salesrank"
}
,"script": "1 / doc['salesrank'].value"
}
}
}
}
According to the elasticsearch documentation: http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/query-dsl-custom-filters-score-query.html, the "custom_filters_score" was deprecated. The correct way to do it is to replace it with "function_score"
{
"query": {
"function_score": {
"functions": [
{
"script_score": {
"script": "1 / doc['salesrank'].value"
}
}
],
"query": {
"match_all": {}
},
"filter": {
"exists": {
"field": "salesrank"
}
}
}
}
}