Elasticsearch Query + Agg search query - elasticsearch

Data in my elasticsearch contains a field named facilityName. I have a requirement where I have to see if there are any duplicate records with facilityNameTypeCode as "UWI" and having same facilityName value. Following is a structure example:
"facilityName": [
{
"facilityNameTypeId": {
"facilityNameTypeCode": "Name"
},
"facilityName": "Rishav jayswal"
},
{
"facilityNameTypeId": {
"facilityNameTypeCode": "Name"
},
"facilityName": "R.M"
}
]
This is the query I created:
GET _search
{
"query" : {
"term" : {"facilityName.facilityNameTypeId.facilityNameTypeCode" : "UWI"}
},
"aggs" : {
"duplicateNames": {
"terms": {
"field": "facilityName.facilityName",
"size": 0,
"min_doc_count": 2
}
}
}
}
But I am having this error:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[terms] failed to parse field [size]",
"line": 10,
"col": 27
}
],
"type": "parsing_exception",
"reason": "[terms] failed to parse field [size]",
"line": 10,
"col": 27,
"caused_by": {
"type": "illegal_argument_exception",
"reason": "[size] must be greater than 0. Found [0] in [duplicateNames]"
}
},
"status": 400
}
Can anyone suggest how to do this?

The error is pretty clear:
[size] must be greater than 0. Found [0] in [duplicateNames]
So simply set size to something bigger than 0; it doesn't make much sense to set it to 0 anyway.
"terms": {
"field": "facilityName.facilityName",
"size": 10,
"min_doc_count": 2
}
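Added example (not part of the original question or answer): once size is fixed, the term query plus terms aggregation above can still report false duplicates if facilityName uses the default object mapping, because the array entries are flattened and the link between a type code and its name is lost. The Python sketch below simulates that on constructed documents and compares it with per-entry matching, which is what a nested mapping preserves. It assumes keyword leaf fields; the UWI values are made up.

```python
from collections import Counter

# Constructed sample documents in the shape shown in the question.
DOCS = [
    {"facilityName": [
        {"facilityNameTypeId": {"facilityNameTypeCode": "UWI"}, "facilityName": "UWI-001"},
        {"facilityNameTypeId": {"facilityNameTypeCode": "Name"}, "facilityName": "R.M"}]},
    {"facilityName": [
        {"facilityNameTypeId": {"facilityNameTypeCode": "UWI"}, "facilityName": "UWI-002"},
        {"facilityNameTypeId": {"facilityNameTypeCode": "Name"}, "facilityName": "R.M"}]},
    {"facilityName": [
        {"facilityNameTypeId": {"facilityNameTypeCode": "UWI"}, "facilityName": "UWI-001"}]},
]

CODE = "facilityName.facilityNameTypeId.facilityNameTypeCode"
NAME = "facilityName.facilityName"

def flatten(doc):
    """Mimic a default object mapping: each leaf path becomes one
    multi-valued field, so the pairing inside each array entry is lost."""
    entries = doc["facilityName"]
    return {
        CODE: {e["facilityNameTypeId"]["facilityNameTypeCode"] for e in entries},
        NAME: {e["facilityName"] for e in entries},
    }

def duplicates_flattened(docs, code="UWI", min_doc_count=2):
    """Term query on the type code + terms aggregation on the name, over flattened fields."""
    counts = Counter()
    for fields in map(flatten, docs):
        if code in fields[CODE]:         # term query: any value in the doc matches
            counts.update(fields[NAME])  # terms agg: one count per doc per distinct value
    return {k: v for k, v in counts.items() if v >= min_doc_count}

def duplicates_per_entry(docs, code="UWI", min_doc_count=2):
    """Count a name only when its own entry carries the requested type code."""
    counts = Counter()
    for doc in docs:
        names = {e["facilityName"] for e in doc["facilityName"]
                 if e["facilityNameTypeId"]["facilityNameTypeCode"] == code}
        counts.update(names)
    return {k: v for k, v in counts.items() if v >= min_doc_count}
```

On the constructed data the flattened version reports "R.M" as a duplicate although it is never a UWI entry; the per-entry version reports only "UWI-001".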

Related

Multi_terms aggregation gives me an error

I'm trying to use ElasticSearch v. 7.11.1 on Windows 10. I don't know how to make multi_terms aggregation work. This query:
{
"aggs": {
"test_agg": {
"multi_terms": {
"terms": [{
"field": "JobTitle.keyword"
}, {
"field": "AboutMe.keyword"
}]
}
}
}
}
gives me this:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "Unknown aggregation type [multi_terms] did you mean [rare_terms]?",
"line": 4,
"col": 22
}
],
"type": "parsing_exception",
"reason": "Unknown aggregation type [multi_terms] did you mean [rare_terms]?",
"line": 4,
"col": 22,
"caused_by": {
"type": "named_object_not_found_exception",
"reason": "[4:22] unknown field [multi_terms]"
}
},
"status": 400
}
but this query:
{
"aggs": {
"test_agg": {
"terms":
{
"field": "JobTitle.keyword",
"size": "10"
}
}
}
}
works.
What am I doing wrong?

The problem is that you're using Elasticsearch 7.11.
As you can see in the Release notes, they added the multi_terms feature in 7.12.0.

Using Elasticsearch, how do I apply function scores to documents which conditionally have a property

I have a handful of indexes, some of which have a particular date property indicating when it was published (date_publish), and others do not. I am trying to apply a gauss function to decay the score of documents which were published a long time ago. The relevant indexes are correctly configured to recognise the date_publish property as a date.
I have set up my query as follows, specifically filtering documents which do not have the property:
{
"index": "index_contains_prop,index_does_not_contains_prop",
"body": {
"query": {
"function_score": {
"score_mode": "avg",
"query": {
"match_all": {}
},
"functions": [
{
"script_score": {
"script": {
"source": "0"
}
}
},
{
"filter": {
"exists": {
"field": "date_publish"
}
},
"gauss": {
"date_publish": {
"origin": "now",
"scale": "728d",
"offset": "7d",
"decay": 0.5
}
}
}
]
}
},
"from": 0,
"size": 1000
}
}
However, the query errors with the following:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "unknown field [date_publish]",
"line": 1,
"col": 0
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "index_does_not_contains_prop",
"node": "1hfXZK4TT3-K288nIr0UWA",
"reason": {
"type": "parsing_exception",
"reason": "unknown field [date_publish]",
"line": 1,
"col": 0
}
}
]
},
"status": 400
}
I have RTFM'd many times, and I can't see any discrepancy - I have also tried wrapping the exists condition in a bool:must object, to no avail.
Have I misunderstood the purpose of the filter argument?

The exists query will only work on fields that are part of the index mapping. It will return only documents that have a value for this field, but the field itself still needs to be defined in the mapping. This is why you're getting an error - index_does_not_contains_prop does not have date_publish mapped. You can use the put mapping API to add this field to the indexes that don't have it (it won't change any document), and then your query should work.

Painless script to add new fields into _source object when querying into elasticsearch v6.0.1

I have an index with the field mapping with one property (id: integer).
When I am querying into that index, I am able to get the correct response. Now, I want to add one extra field into _source object at the query time using painless scripting.
The elasticsearch version is 6.0.1.
I have already tried adding script as a field in the query block. But it throws an error:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 7,
"col": 7
}
],
"type": "parsing_exception",
"reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 7,
"col": 7
},
"status": 400
}
GET 20190719_candidate/candidate/_search
{
"min_score": 0.001,
"query": {
"term": {
"id": 1234
},
"script": {
"script": {
"inline": "doc['field_1'] = 'field_1_value'"
}
}
},
"from": 0,
"size": 20
}
The expected result for _source object is:
{
"id": "1234567",
"field_1": "field_1_value"
}

You are missing the structure:
GET 20190719_candidate/candidate/_search
{
"min_score": 0.001,
"query": {
"term": {
"id": 1234
}
},
"script_fields": {
"test1": {
"script": {
"lang": "painless",
"source": "'field_1_value'"
}
}
},
"from": 0,
"size": 20
}
Take a look in this example:
GET /_search
{
"query" : {
"match_all": {}
},
"script_fields" : {
"test1" : {
"script" : {
"lang": "painless",
"source": "doc['price'].value * 2"
}
},
"test2" : {
"script" : {
"lang": "painless",
"source": "doc['price'].value * params.factor",
"params" : {
"factor" : 2.0
}
}
}
}
}
source: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-body.html#request-body-search-script-fields

"root_cause": [
{
"type": "parsing_exception",
"reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 7,
"col": 7
}
],
The error says that you have a malformed query; you have missed a closing bracket in line 7 to close the "query" attribute.
Your query should be like:
GET 20190719_candidate/candidate/_search
{
"min_score": 0.001,
"query": {
"term": {
"id": 1234
}},
"script": {
"lang": "painless",
"inline": "doc['field_1'] = 'field_1_value'"
},
"from": 0,
"size": 20
}

How can I apply match and range in the query DSL in Elasticsearch

I want to use the match and range; my body in the query is:
{
"query": {
"match" : {
"netscaler.ipadd" : "192.68.2.39"
},
"range": {
"#timestamp": {
"gte":"2015-08-04T11:00:00",
"lt":"2015-08-04T12:00:00"
}
}
},
"aggs" : {
"avg_grade" : {
"avg" : { "field" : "netscaler.stat.system.memusagepcnt" }
}
}
}
and Elasticsearch responds with:
{
"error": {
"root_cause": [{
"type": "parsing_exception",
"reason": "[match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 6,
"col": 7
}],
"type": "parsing_exception",
"reason": "[match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 6,
"col": 7
},
"status": 400
}
I need to know which is the best way or the correct way to do that.

If you have multiple queries you probably should wrap them inside a bool query:
{
"query": {
"bool": {
"must": [
{
"match": {
"netscaler.ipadd": "192.68.2.39"
}
},
{
"range": {
"#timestamp": {
"gte": "2015-08-04T11:00:00",
"lt": "2015-08-04T12:00:00"
}
}
}
]
}
},
"aggs": {
"avg_grade": {
"avg": {
"field": "netscaler.stat.system.memusagepcnt"
}
}
}
}
More info in the docs

Elasticsearch-5.0.0 Weighted average

I wanted to try weighted average on ES-5.0.0.
I tried something with json code:
GET ABC/xyz/_search
{
"aggs": {
"myAggr": {
"terms": {
"field": "UrunNo",
"order": { "weightedAvg": "desc"}
},
"aggs": {
"weightedAvg": { "avg" : { "script" : "[values: doc['BirimFiyat'].value, weights: doc['Adet'].value]" }}
} } } }
I have an error:
{"error": {
"root_cause": [
{ "type": "parsing_exception",
"reason": "Unexpected token VALUE_STRING [script] in [weightedAvg].",
"line": 9,
"col": 49
} ],
"type": "parsing_exception",
"reason": "Unexpected token VALUE_STRING [script] in [weightedAvg].",
"line": 9,
"col": 49
},"status": 400 }
What is the problem? Or is weighted average possible on ES-5.0.0?
