I have below payload in my REST call (POST) and its working fine Elastic search 2.1.1 but not in ES 5.6.7
{"from":0,"size":5,"sort":[{"releasedDate":{"order":"desc"}}],"query":{"query_string":{"query":{"query":"demo demo*","defaultOperator":"and"}}}}
In ES 5.6.7, I got below exception
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[query_string] unknown token [START_OBJECT] after [query]",
"line": 1,
"col": 96
}
],
"type": "parsing_exception",
"reason": "[query_string] unknown token [START_OBJECT] after [query]",
"line": 1,
"col": 96
},
"status": 400
}
Anyone have any idea why the payload is not working in ES 5.6.7 ??
In ES 5.6.7 you need to write it like this:
{
"from": 0,
"size": 5,
"sort": [
{
"releasedDate": {
"order": "desc"
}
}
],
"query": {
"query_string": {
"query": "demo demo*",
"default_operator": "and"
}
}
}
Find the documentation here.
Related
I'm trying to use ElasticSearch v. 7.11.1 on Windows 10. I don't know how to make multi_terms aggregation work. This query:
{
"aggs": {
"test_agg": {
"multi_terms": {
"terms": [{
"field": "JobTitle.keyword"
}, {
"field": "AboutMe.keyword"
}]
}
}
}
}
gives me this:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "Unknown aggregation type [multi_terms] did you mean [rare_terms]?",
"line": 4,
"col": 22
}
],
"type": "parsing_exception",
"reason": "Unknown aggregation type [multi_terms] did you mean [rare_terms]?",
"line": 4,
"col": 22,
"caused_by": {
"type": "named_object_not_found_exception",
"reason": "[4:22] unknown field [multi_terms]"
}
},
"status": 400
}
but this query:
{
"aggs": {
"test_agg": {
"terms":
{
"field": "JobTitle.keyword",
"size": "10"
}
}
}
}
works.
What am I doing wrong ?
The problem is, that you're using Elasticsearch 7.11.
As you can see in the Release notes, they added the multi_terms feature in 7.12.0.
trying to get this query below to work on GCP. need this to query for beta api's being used every 24 hours. keep getting error in the query. probably a simple syntax error, but im not seeing it.
GET /gcp-%2A/_search
{
"query": {
"range" : {
"timestamp" : {
"gte" : "now-1d/d",
"lt" : "now/d"
}
},
"wildcard": {
"protoPayload.methodName": {
"value": "*beta*",
"boost": 1.0,
"rewrite": "constant_score"
}
}
}
}
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 9,
"col": 13
}
],
"type": "parsing_exception",
"reason": "[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 9,
"col": 13
},
"status": 400
}
You were almost there:
GET /gcp-%2A/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"gte": "now-1d/d",
"lt": "now/d"
}
}
},
{
"wildcard": {
"protoPayload.methodName": {
"value": "*beta*",
"boost": 1,
"rewrite": "constant_score"
}
}
}
]
}
}
}
I have an index with the field mapping with one property (id: integer).
When I am querying into that index, I am able to get the correct response. Now, I want to add one extra fields into _source object at the query time using painless scripting.
The elasticsearch version is 6.0.1.
I have already tried adding script as a field in the query block. But it throws an error:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 7,
"col": 7
}
],
"type": "parsing_exception",
"reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 7,
"col": 7
},
"status": 400
}
GET 20190719_candidate/candidate/_search
{
"min_score": 0.001,
"query": {
"term": {
"id": 1234
},
"script": {
"script": {
"inline": "doc['field_1'] = 'field_1_value'"
}
}
},
"from": 0,
"size": 20
}
The expected result for _source object is:
{
"id": "1234567",
"field_1": "field_1_value"
}
You are missing the structure:
GET 20190719_candidate/candidate/_search
{
"min_score": 0.001,
"query": {
"term": {
"id": 1234
},
"script_fields": {
"test1":{
"script": {
"lang": "painless",
"source": "'field_1_value'"
}
}
}
},
"from": 0,
"size": 20
}
Take a look in this example:
GET /_search
{
"query" : {
"match_all": {}
},
"script_fields" : {
"test1" : {
"script" : {
"lang": "painless",
"source": "doc['price'].value * 2"
}
},
"test2" : {
"script" : {
"lang": "painless",
"source": "doc['price'].value * params.factor",
"params" : {
"factor" : 2.0
}
}
}
}
}
source: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-body.html#request-body-search-script-fields
"root_cause": [
{
"type": "parsing_exception",
"reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 7,
"col": 7
}
],
the error says that you have a malformed query, you have missed a closing bracket in line 7 to close the "query" attribute.
you query should be like:
GET 20190719_candidate/candidate/_search
{
"min_score": 0.001,
"query": {
"term": {
"id": 1234
}},
"script": {
"lang": "painless",
"inline": "doc['field_1'] = 'field_1_value'"
},
"from": 0,
"size": 20
}
Data in my elasticsearch contains a field named facilityName. I have a requirement where I have to see if there are any duplicate records with facilityNameTypeCode as "UWI" and having same facilityName value. Following is a structure example:
"facilityName": [
{
"facilityNameTypeId": {
"facilityNameTypeCode": "Name"
},
"facilityName": "Rishav jayswal"
},
{
"facilityNameTypeId": {
"facilityNameTypeCode": "Name"
},
"facilityName": "R.M"
}
]
This is the query I created:
GET _search
{
"query" : {
"term" : {"facilityName.facilityNameTypeId.facilityNameTypeCode" : "UWI"}
},
"aggs" : {
"duplicateNames": {
"terms": {
"field": "facilityName.facilityName",
"size": 0,
"min_doc_count": 2
}
}
}
}
But I am having this error:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[terms] failed to parse field [size]",
"line": 10,
"col": 27
}
],
"type": "parsing_exception",
"reason": "[terms] failed to parse field [size]",
"line": 10,
"col": 27,
"caused_by": {
"type": "illegal_argument_exception",
"reason": "[size] must be greater than 0. Found [0] in [duplicateNames]"
}
},
"status": 400
}
Can anyone suggest on how to do this?
The error is pretty clear
[size] must be greater than 0. Found [0] in [duplicateNames]
So simply set size to something bigger than 0, it doesn't make much sense to set it to 0 anyway
"terms": {
"field": "facilityName.facilityName",
"size": 10,
"min_doc_count": 2
}
I'm using the official Docker image for Elasticsearch OSS (docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.4) and can't seem to get script_score working at all. It seems like scripting isn't enabled.
For example, this:
POST http://localhost:9200/address/address/_search
{
"query": {
"function_score": {
"query": {
"match": {
"fullAddress": {
"query": "13 fake",
"operator": "and"
}
}
},
"script_score": {
"lang": "expression",
"source": "doc['flatNumber'].length"
}
}
}
}
gives me this:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "script_score query does not support [source]",
"line": 13,
"col": 15
}
],
"type": "parsing_exception",
"reason": "script_score query does not support [source]",
"line": 13,
"col": 15
},
"status": 400
}
I tried enabling it:
PUT http://localhost:9200/_cluster/settings
{
"persistent": {
"script.engine.groovy.inline.aggs": "on"
}
}
but to no avail:
{
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "persistent setting [script.engine.groovy.inline.aggs], not recognized"
}
],
"type": "illegal_argument_exception",
"reason": "persistent setting [script.engine.groovy.inline.aggs], not recognized"
},
"status": 400
}
How do I get script_score working?
You're simply missing a script section in your script_score. Modify it like this and it will work:
"script_score": {
"script": {
"lang": "expression",
"source": "doc['flatNumber'].length"
}
}