Answer the question
In order to leave comments, you need to log in
Z
Z
zx5zx62021-02-08 16:42:37
zx5zx6, 2021-02-08 16:42:37
How to correctly form a request to ElasticSearch?
Description:
The application has the ability to filter the date by key values. For example, if you want to display all items in which "Result: success";
For one of the keys, the value is always in the form of a JS object, with quotes, etc. This results in elasticsearch not being able to parse the JSON correctly. For example, we are looking for all items in which the property changeSet = {'filteringRuleName':null}
Question: how to work with such a request so that the elastic can process it normally?
Fragment of a working request:
In this case, I'm looking for a date whose property is action = EDIT;
"query_string": { "query": "action:EDIT"}
Fragment of a non-working request example:
In this case, I'm looking for a date whose property changeSet = {'filteringRuleName':null};
"query_string": { "query": "changeSet:{'filteringRuleName':null}"}Returned error code:
"reason": {
"type": "query_shard_exception",
"reason": "Failed to parse query [changeSet:{'filteringRuleName':null}]",
"index_uuid": "h0xXZj0eQGWrSIYTcfv5nQ",
"index": "cxc-audit-22-30-2021.02.05",
"caused_by": {
"type": "parse_exception",
"reason": "parse_exception: Cannot parse 'changeSet:{'filteringRuleName':null}': Encountered \" \"}\" \"} \"\" at line 1, column 35.\nWas expecting:\n \"TO\" ...\n ",
"caused_by": {
"type": "parse_exception",
"reason": "parse_exception: Encountered \" \"}\" \"} \"\" at line 1, column 35.\nWas expecting:\n \"TO\" ...\n "
}
}
}___________________________________________
__________________________________________
___________________________________________
___________________________________________
___________________________________________
Full work request:
{
"size": 10,
"from": 0,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
],
"query": {
"bool": {
"must": [
{
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"from": 1612523952692,
"to": 1612545552692,
"format": "epoch_millis"
}
}
},
{
"query_string": {
"query": "action:EDIT"
}
}
]
}
},
{
"bool": {
"must": [
{
"range": {
"@timestamp": {
"from": 1612523952692,
"to": 1612545552693,
"format": "epoch_millis"
}
}
},
{
"query_string": {
"query": "action:EDIT"
}
}
]
}
}
]
}
}
}Full non-working query:
{
"size": 10,
"from": 0,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
],
"query": {
"bool": {
"must": [
{
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"from": 1612520405515,
"to": 1612542005515,
"format": "epoch_millis"
}
}
},
{
"query_string": {
"query": "changeSet:{'filteringRuleName':null}"
}
}
]
}
},
{
"bool": {
"must": [
{
"range": {
"@timestamp": {
"from": 1612520405515,
"to": 1612542005515,
"format": "epoch_millis"
}
}
},
{
"query_string": {
"query": "changeSet:{'filteringRuleName':null}"
}
}
]
}
}
]
}
}
}
Similar questions
A
A
Y
yezolux2014-11-28 00:46:48
RoR 4, Elasticsearch and searchkick. How to do a conditional search?
1Reply
Z
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question