stackoom
  简体   繁体   中英

Elasticsearch field not supported in range query

 原文  2018-02-26 12:39:39       curl/ elasticsearch/ logstash

Question

I'm using a curl query to try to get data from my elasticsearch instance. All my indices and types have a field call @timestamp which use the "strict_date_optional_time" format. But everytime I try to use a range filter on that field, my queries fail.

The query I execute : 

curl 'localhost:X/logstash-*/traces_console/_search' -d '{
"query" : {
    "bool": {
        "must": [
            { "match_all": {} }
        ],
        "filter": [
            { "range":
                { "@timestamp": 
                    "gte": "2018-02-20T13:55:06.387Z",
                    "lte": "2018-02-23T13:55:06.387Z"
                }
            }
        ]
    }}
}'

The error message : 

"reason":{
    "type":"query_parsing_exception",
    "reason":"[range] query does not support [@timestamp]",
    "index":"logstash-2018.02.06","line":10,"col":21
}

I don't understand why this error keep popping. When i looked upon most of what was already published regarding this, all the people using date format have working queries. If you have any hint or clue about why it does not work I will apreciate.

Here some informations that can be useful :

Environment

  • OS: Red Hat Enterprise Linux Server release 6.5 (Santiago)
  • Java: 1.7
  • Elasticsearch: 2.4
  • Logstash: 2.4

Mapping generated from logstash 

"traces_console":{
    "properties":{
        "@timestamp":{
            "type":"date",
            "format":"strict_date_optional_time||epoch_millis"
        },
        "@version":{"type":"string"},
        "Method":{"type":"string"},
        "RequestSize":{"type":"string"},
        "ResponseSize":{"type":"string"},
        "ResponseTime":{"type":"string"},
        "SubSystem":{"type":"string"},
        "column1":{"type":"string"},
        "column2":{"type":"string"},
        "column3":{"type":"string"},
        "column4":{"type":"string"},
        "column5":{"type":"string"},
        "host":{"type":"string"},
        "path":{"type":"string"},
        "type":{"type":"string"}
    }
}

Logstash configuration file feeding elasticsearch 

input {
  file {
    path => "LOG_PATH/TRACES_CONSOLE.log"
    start_position => "beginning"
    type => "traces_console"
  }
}

filter {
  csv {
    separator => ";"
    columns => ["Method","RequestSize","ResponseSize","ResponseTime","SubSystem"]
    source => message
    convert => {
      "RequestSize" => "date"
      "ResponseSize" => "date"
    }
    remove_field => ["message"]
  }
}

output {
  elasticsearch {
    hosts => ["localhost:X"]
  }
}

1 answers

solution1
 1 ACCPTED  2018-02-27 00:52:18

Your Range Query syntax is not correct, you need extra curly braces: 

{ "range":
     { "@timestamp": {
           "gte": "2018-02-20T13:55:06.387Z",
           "lte": "2018-02-23T13:55:06.387Z"
       }
     }
 }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Date range query in elasticsearch Problem with Elasticsearch query - [range] malformed query, expected [END_OBJECT] but found [FIELD_NAME] Elasticsearch range request Exclude in elasticsearch query gives failed to parse search source. expected field name but got [START_OBJECT] Is there any way to query elasticsearch using curl for multiple documents to extract field values from _source? AND query in elasticsearch with curl Ajax query format with Elasticsearch elasticsearch query and cURL in PHP Range aggregation using elasticsearch-dsl-py Elasticsearch cURL query string in PHP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM