
I am getting a query parsing exception. I am using JavaScript, and my client configuration is in the elastic.js file.

I get results if I remove the `filtered` part, but when I add it I get the exception:

// Client object exported by ./elastic.js (per the question, the connection
// configuration lives in that file; it is not shown here).
var client = require('./elastic.js');

// Searches one daily index for status-502 entries newer than a cutoff and logs
// the outcome. This is the failing version the question is about.
client.search({
    index: 'test-2017.03.25',
    // size: 0 asks Elasticsearch to return no documents, so response.hits.hits
    // is an empty array and the forEach below prints nothing even on a match.
    size: 0,
    body: {
        query: {
            // NOTE(review): `bool` and `filtered` are siblings under `query`. A query
            // object takes a single top-level clause, which is presumably what the
            // parse_exception quoted in the question is complaining about.
            bool: {
                must: {
                    match: {
                        // The mapping shown in the question types `status` as a string,
                        // and the sample document stores it as "200"; a number is passed here.
                        status: 502,
                    }
                },

            },
            filtered: {
                query: {
                    range: {
                        // NOTE(review): the mapping shown in the question has `@timestamp`
                        // and no `timestamp` field, so confirm the field name.
                        // 1490380200000 ms is 2017-03-24T18:30:00Z (00:00 on 25 Mar at +05:30).
                        timestamp: {'gt': 1490380200000}
                    }
                }
            }
        }
    }
}, function (error, response, status) {
    // `status` is accepted but never read in this callback.
    if (error) {
        // String concatenation logs only the error's string form.
        console.log("search error: " + error)
    }
    else {
        console.log("--- Response ---");
        console.log(response);
        console.log("--- Hits ---");
        // Prints each returned hit; empty while size is 0 (see above).
        response.hits.hits.forEach(function (hit) {
            console.log(hit);
        })
    }
});

This is my object mappings:

"test-2017.03.02": {
    "mappings": {
      "log": {
        "properties": {
          "@timestamp": {
            "type": "date",
            "format": "strict_date_optional_time||epoch_millis"
          },
          "@version": {
            "type": "string"
          },
          "beat": {
            "properties": {
              "hostname": {
                "type": "string"
              },
              "name": {
                "type": "string"
              }
            }
          },
          "body_bytes_sent": {
            "type": "string"
          },
          "count": {
            "type": "long"
          },
          "fields": {
            "properties": {
              "label": {
                "type": "string"
              }
            }
          },
          "host": {
            "type": "string"
          },
          "http_referrer": {
            "type": "string"
          },
          "http_user_agent": {
            "type": "string"
          },
          "input_type": {
            "type": "string"
          },
          "message": {
            "type": "string"
          },
          "offset": {
            "type": "long"
          },
          "remote_addr": {
            "type": "string"
          },
          "remote_user": {
            "type": "string"
          },
          "request": {
            "type": "string"
          },
          "request_method": {
            "type": "string"
          },
          "request_time": {
            "type": "double"
          },
          "source": {
            "type": "string"
          },
          "status": {
            "type": "string"
          },
          "tags": {
            "type": "string"
          },
          "time": {
            "type": "string"
          },
          "type": {
            "type": "string"
          }
        }
      }
    }
  }

I want to get that data based on status and request and filter using the timestamp field.

I am getting the following error:

search error: [parse_exception] failed to parse search source. expected field name but got [START_OBJECT]

Please help.

Sample Document :

{
  "_index": "test-2017.03.25",
  "_type": "log",
  "_id": "JI9u8hGG8y8gGUk",
  "_score": 1.0,
  "_source": {
    "@version": "1",
    "@timestamp": "2017-03-25T00:00:01.617Z",
    "count": 1,
    "offset": 1114273370,
    "type": "log",
    "input_type": "log",
    "fields": {
      "label": "test"
    },
    "source": "/var/log/nginx/access.log",
    "tags": [
      "_grokparsefailure"
    ],
    "time": "25/Mar/2017:05:30:00 +0530",
    "body_bytes_sent": "81",
    "request_time": 0.052,
    "status": "200",
    "request": "GET /api/test?status=test HTTP/1.1",
    "request_method": "GET",
    "http_referrer": "-",
    "http_user_agent": "Java/1.8.0_31"
  }
}

1 Answer 1


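Your query is not valid: `query` can hold only one top-level clause, so the `filtered` block cannot sit next to `bool`. Put both conditions inside the `bool` clause, like this: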

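// Corrected search: both conditions sit in one `bool` clause, so `query` has a
// single top-level entry. Clauses under `filter` must match but are not scored.
client.search({
    index: 'test-2017.03.25',
    // size: 0 returns no documents, only the total match count (plus any
    // aggregations). Raise it if the matching documents themselves are wanted.
    size: 0,
    body: {
        query: {
            bool: {
                filter: [
                    {
                        match: {
                            status: 502,
                        },
                    },
                    {
                        range: {
                            // The date field in the asker's mapping is `@timestamp`;
                            // the key is quoted because of the leading `@`.
                            '@timestamp': { gt: 1490380200000 },
                        },
                    },
                ],
            },
        },
    },
}, function (error, response) {
    // The original snippet stopped before closing the call; the callback mirrors
    // the error handling used in the question.
    if (error) {
        console.log("search error: " + error);
        return;
    }
    // With size 0 the hits array is empty, so report the match count instead.
    console.log(response.hits.total);
});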

3 Comments

It worked, but I did not get any hits. I'm adding a sample document. Can you give me a query that returns similar documents?
Feel free to share a sample document that should match.
According to your mapping, the field in the range query should be `@timestamp` rather than `timestamp`.
