Pardha.Saradhi
Reputation: 478
search error: [parse_exception] failed to parse search source. expected field name but got [START_OBJECT]
I am having a query parsing exception. I am using javascript. My configuration is present in elastic.js file.
I am getting results if I remove the filtered part. But if I add it, I am getting the exception
var client = require('./elastic.js');
client.search({
index: 'test-2017.03.25',
size: 0,
body: {
query: {
bool: {
must: {
match: {
status: 502,
}
},
},
filtered: {
query: {
range: {
timestamp: {'gt': 1490380200000}
}
}
}
}
}
}, function (error, response, status) {
if (error) {
console.log("search error: " + error)
}
else {
console.log("--- Response ---");
console.log(response);
console.log("--- Hits ---");
response.hits.hits.forEach(function (hit) {
console.log(hit);
})
}
});
This is my object mappings:
"test-2017.03.02": {
"mappings": {
"log": {
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"@version": {
"type": "string"
},
"beat": {
"properties": {
"hostname": {
"type": "string"
},
"name": {
"type": "string"
}
}
},
"body_bytes_sent": {
"type": "string"
},
"count": {
"type": "long"
},
"fields": {
"properties": {
"label": {
"type": "string"
}
}
},
"host": {
"type": "string"
},
"http_referrer": {
"type": "string"
},
"http_user_agent": {
"type": "string"
},
"input_type": {
"type": "string"
},
"message": {
"type": "string"
},
"offset": {
"type": "long"
},
"remote_addr": {
"type": "string"
},
"remote_user": {
"type": "string"
},
"request": {
"type": "string"
},
"request_method": {
"type": "string"
},
"request_time": {
"type": "double"
},
"source": {
"type": "string"
},
"status": {
"type": "string"
},
"tags": {
"type": "string"
},
"time": {
"type": "string"
},
"type": {
"type": "string"
}
}
}
}
}
I want to get that data based on status and request and filter using the timestamp field.
I am getting the following error:
search error: [parse_exception] failed to parse search source. expected field name but got [START_OBJECT]
Please help.
Sample Document :
{
"_index": "test-2017.03.25",
"_type": "log",
"_id": "JI9u8hGG8y8gGUk",
"_score": 1.0,
"_source": {
"@version": "1",
"@timestamp": "2017-03-25T00:00:01.617Z",
"count": 1,
"offset": 1114273370,
"type": "log",
"input_type": "log",
"fields": {
"label": "test"
},
"source": "/var/log/nginx/access.log",
"tags": [
"_grokparsefailure"
],
"time": "25/Mar/2017:05:30:00 +0530",
"body_bytes_sent": "81",
"request_time": 0.052,
"status": "200",
"request": "GET /api/test?status=test HTTP/1.1",
"request_method": "GET",
"http_referrer": "-",
"http_user_agent": "Java/1.8.0_31"
}
}
Upvotes: 0
Views: 497
Answers (1)
Val
Reputation: 217544
Your query is not valid, change it to this:
client.search({
index: 'test-2017.03.25',
size: 0,
body: {
query: {
bool: {
filter: [
{
match: {
status: 502,
}
},
{
range: {
'@timestamp': {'gt': 1490380200000}
}
}
]
}
}
}
Upvotes: 1
Related Questions
- Elastic Search shows "Unknown key for a START_OBJECT" exception
- Getting error when search for query [match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]
- Unknown key for a START_ARRAY in [fields]. in elasticsearch
- Elasticsearch malformed query, expected [END_OBJECT] but found [FIELD_NAME]
- unknown field [dest], parser not found- error coming while reindexing
- failed to parse search source, expected field name but got [START_OBJECT]
- failed to parse search source. expected field name but got [START_OBJECT]
- Elastic Search: parse_exception: failed to parse search source. expected field name but got [START_OBJECT]
- ElasticSearch - failed to parse search source. expected field name but got [START_OBJECT]
- Elasticsearch: Expected field name but got START_OBJECT