ES giving error when sorting by distance - sorting

I'm trying to sort search results by distance. However, when i try i get the following error:
{
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "sort option [location] not supported"
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "roeselaredev",
"node": "2UYlfd7sTd6qlJWgdK2wzQ",
"reason": {
"type": "illegal_argument_exception",
"reason": "sort option [location] not supported"
}
}
]
},
"status": 400
}
The query i sent looks like this:
GET _search
{
"query": {
"match_all": []
},
"sort": [
{
"geo_distance": {
"location": {
"lat": 50.9436034,
"long": 3.1242917
},
"order":"asc",
"unit":"km",
"distance_type":"plane"
}
},
{
"_score": {
"order":"desc"
}
}
]
}
As near as i can tell i followed the instructions in the documentation to the letter. I'm not getting a malformed query result. I'm just getting a not supported result for the sort by distance option. Any ideas as to what i'm doing wrong?

The query dsl is invalid the OP is almost-correct :) but missing an under-score.
While sorting by distance it is _geo_distance and not geo_distance.
Example:
GET _search
{
"query": {
"match_all": []
},
"sort": [
{
"_geo_distance": {
"location": {
"lat": 50.9436034,
"long": 3.1242917
},
"order":"asc",
"unit":"km",
"distance_type":"plane"
}
},
{
"_score": {
"order":"desc"
}
}
]
}

Related

update a particular field of elasticsearch document

Hi I am trying to update documents a elasticsearch which meets specific criteria. I am using google sense(chrome extension) for making request. The request that I am making is as shown below:
GET styling_rules2/product_line_filters/_update
{
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{"term":{"product_line_attribute": "brand"}}
],
"minimum_should_match": 1
}
},
"filter": {
"term": {
"product_line_name": "women_skirts"
}
}
}
},
"script" : "ctx._source.brand=brands"
}
sample document is as shown below:
{
"product_line_attribute_db_path": "product_filter.brand",
"product_line_attribute": "brand",
"product_line_name": "women_skirts",
"product_line_attribute_value_list": [
"vero moda",
"faballey",
"only",
"rider republic",
"dorothy perkins"
]
}
desired result: update all the document which has product_line_attribute="brand" and product_line_name="women_skirts" to product_line_attribute="brands".
problem: I am getting the error as follows:
{
"error": {
"root_cause": [
{
"type": "search_parse_exception",
"reason": "failed to parse search source. unknown search element [script]",
"line": 18,
"col": 4
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "styling_rules2",
"node": "2ijp1pXwT46FN4on4-JPlg",
"reason": {
"type": "search_parse_exception",
"reason": "failed to parse search source. unknown search element [script]",
"line": 18,
"col": 4
}
}
]
},
"status": 400
}
thanks in advance!
You should use the _update_by_query endpoint and not _update. Also the script section is not correct, which is probably why you're getting a class_cast_exception.
Try this instead:
POST styling_rules2/product_line_filters/_update_by_query
{
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"term": {
"product_line_attribute": "brand"
}
}
],
"minimum_should_match": 1
}
},
"filter": {
"term": {
"product_line_name": "women_skirts"
}
}
}
},
"script": {
"inline": "ctx._source.brand=brands"
}
}

ElasticSearch aggregate information grouped by month

I am working on an ElasticSearch query that should give me back all documents where a date field is now-1 year ago and then group them all by month (giving me total count for each month), but am failing on writing this query.
This is what I have:
{
"query": {
"bool": {
"must": [
{
"terms": {
"account_id": [
1
]
}
}
]
}
},
"aggs": {
"growth": {
"date_range": {
"field": "member_since",
"format": "YYYY-MM-DD",
"ranges": [
{
"to": "now-1Y/M"
},
{
"from": "now-1Y/M"
}
]
}
}
},
"size": 100
}
I am running the query like so:
POST https://my-es-cluster-url.com, but I keep getting this error:
{
"error": {
"root_cause": [
{
"type": "parse_exception",
"reason": "unit [Y] not supported for date math [-1Y/M]"
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query_fetch",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "index0",
"node": "MkypXlGdQamAplca1JIgZQ",
"reason": {
"type": "parse_exception",
"reason": "unit [Y] not supported for date math [-1Y/M]"
}
}
]
},
"status": 400
}
I reproduced your problem with a simpler query on my data.
"query": {
"range": {
"recent_buy_transaction": {
"from": "now-1Y"
}
}
}
I get the same error.
ElasticSearchParseException[unit [Y] not supported for date math [-1Y]]
However, using small y fixes the problem. Hence, you should try using:
now-1y/M
From the documentation
The supported time units are: y (year), M (month), w (week), d (day), h (hour), m (minute), and s (second).

Error in executing groovy script in elasticsearch

below is my query, I want to change score calculation using function_score feature:
{
"size": 1,
"query":{
"function_score": {
"query": {
"bool": {
"must": [
{
"match": {
"messageText": "car"
}
}
]
}
},
"script_score" : {
"script" : "doc['time_views'].values[doc['time_views'].values.length-1]"
}
,
"boost_mode": "replace"
}
},
"from": 0
}
but I got this error response
{
"error": {
"root_cause": [
{
"type": "script_exception",
"reason": "failed to run inline script [doc['time_views'].values[doc['time_views'].values.length-1]] using lang [groovy]"
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "datacollection",
"node": "TWeZV3R6Rq-WYQ2YIHjILQ",
"reason": {
"type": "script_exception",
"reason": "failed to run inline script [doc['time_views'].values[doc['time_views'].values.length-1]] using lang [groovy]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "No field found for [time_views] in mapping with types [message]"
}
}
}
]
},
"status": 500
}
some solutions says using quotation in "doc['time_views']" causes the problem when query has been send from command prompt tools. I don't know why!
I don't use any command prompt tools. I create the query in java code directly
EDIT
this is my index mapping:
"mappings": {
"message": {
"properties": {
"text": {
"type": "string"
},
"time_views": {
"type": "nested",
"properties": {
"backupTimestamp": {
"type": "long"
},
"views": {
"type": "integer"
}
}
}
}
}
}
}
I want to use "views" of last item of "time_views". so I try below scripts too, but each of them throw different error:
"doc['time_views.views'].values[doc['time_views.views'].values.length-1]"
error: java.util.ArrayList cannot be cast to java.lang.Number
"doc['time_views.views'].values[doc['time_views.views'].values.size()-1]"
error: failed to run inline script [doc['time_views.views'].values[doc['time_views.views'].values.size()-1]] using lang [groovy]
"doc['time_views'].values[doc['time_views'].values.size()-1].views"
error: failed to run inline script [doc['time_views'].values[doc['time_views'].values.size()-1].views] using lang [groovy]"
I'm really new in elasticsearch and groovy language. I didn't care about that "time_views" is nested Object, also I don't know syntax of groovy exactly, after some affort I found my mistakes and the solution:
{
"size": 1,
"query":{
"function_score": {
"query": {
"bool": {
"must": [
{
"match": {
"messageText": "car"
}
}
]
}
},
"script_score" : {
"script" : "doc['time_views.views'].values.get(doc['time_views.views'].values.size()-1)"
}
,
"boost_mode": "replace"
}
},
"from": 0
}
It's work as I expected

ElasticSearch - failed to parse search source. expected field name but got [START_OBJECT]

I can't figure out what's wrong in my ES query.
I want to filter on a specific field, and also sort by other field.
Request:
GET /_search
{
"query" : {
"term": {
"_type" : "monitor"
},
"filtered" : {
"filter" : { "term" : { "ProcessName" : "myProc" }}
}
},
"sort": { "TraceDateTime": { "order": "desc", "ignore_unmapped": "true" }}
}
Response:
{
"error": {
"root_cause": [
{
"type": "parse_exception",
"reason": "failed to parse search source. expected field name but got [START_OBJECT]"
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": ".kibana",
"node": "94RPDCjhQh6eoTe6XoRmSg",
"reason": {
"type": "parse_exception",
"reason": "failed to parse search source. expected field name but got [START_OBJECT]"
}
}
]
},
"status": 400
}
You have a syntax error in your query, you need to enclose both of your term queries inside a bool/must compound query, it needs to be like this:
POST /_search
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"ProcessName": "myProc"
}
},
{
"term": {
"_type": "monitor"
}
}
]
}
}
}
},
"sort": {
"TraceDateTime": {
"order": "desc",
"ignore_unmapped": "true"
}
}
}
PS: Always use POST when sending a payload in your query.

elasticsearch how to include many values for the same field in the match phrase

This is my query
GET blablabla/_search
{
"query": {
"bool": {
"must": [
{"match" : {"source" : "balblabla"}},
{"match" :{"blablablab" : "JBR"}},
{"match": {"city" : "blab bla"}},
{"match" : {"something": ["Balcony" , "Gym"]}}
]
}
}
}
I am getting this error:
{
"error": {
"root_cause": [
{
"type": "query_parsing_exception",
"reason": "[match] query parsed in simplified form, with direct field name, but included more options than just the field name, possibly use its 'options' form, with 'query' element?",
"index": "index name goes here",
"line": 8,
"col": 35
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "index name goes here",
"node": "4Qjq5UGPSZO2Qtg-ECI_mQ",
"reason": {
"type": "query_parsing_exception",
"reason": "[match] query parsed in simplified form, with direct field name, but included more options than just the field name, possibly use its 'options' form, with 'query' element?",
"index": "index name goes here",
"line": 8,
"col": 35
}
}
]
},
"status": 400
}
When I remove this line
{"match" : {"something": ["Balcony" , "Gym"]}}
It works fine, but why does that line causes a parsing error, since arrays are fine in json?
My elasticsearch version is 2.2
The error comes from the parser, you must specified with an "OR" when passing multiple needles.
to fix your case you must replace
{
"match": {
"something": [
"Balcony",
"Gym"
]
}
}
WITH
{
"match": {
"something": "Balcony OR Gym"
}
}
so at the end it should look like this:
{
"query": {
"bool": {
"must": [
{
"match": {
"source": "balblabla"
}
},
{
"match": {
"blablablab": "JBR"
}
},
{
"match": {
"city": "blab bla"
}
},
{
"match": {
"something": "Balcony OR Gym"
}
}
]
}
}
}
hope this will help you and point you in the right path :)
regards,
Daniel

Resources