Cannot use non-grouped column error. How to get around this?

pgervais · November 19, 2019, 8:33pm

I'm running the following SQL command as shown below. This command looks at all row between the respective start and date and find the MAX of the TotalCPULoadMIPS field for each day.
If i remove the "@timestamp" the SQL runs properly. The command will not accept more than one field. It only accepts one field as long as we use an arithmetic function.

POST /_sql?format=csv
{"query":"SELECT  \"@timestamp\", MAX(TotalCPULoadMIPS) AS PeakMips  FROM testwebsphere WHERE \"@timestamp\" BETWEEN CAST('2019-03-01' AS DATE) AND CAST('2019-04-30' AS DATE) GROUP BY CAST (\"@timestamp\" AS DATE)  " }

The error we get is shown below:

{
  "error": {
    "root_cause": [
      {
        "type": "verification_exception",
        "reason": "Found 1 problem(s)\nline 1:9: Cannot use non-grouped column [@timestamp], expected [CAST (\"@timestamp\" AS DATE)]"
      }
    ],
    "type": "verification_exception",
    "reason": "Found 1 problem(s)\nline 1:9: Cannot use non-grouped column [@timestamp], expected [CAST (\"@timestamp\" AS DATE)]"
  },
  "status": 400
}

How can i add another field in the SELECT statement? What is the proper syntax? Why is this not accepted syntax?

Also tried:

POST /_sql?format=csv
{"query":"SELECT  CAST (\"@timestamp\" AS DATE), MAX(TotalCPULoadMIPS) AS PeakMips  FROM testwebsphere WHERE \"@timestamp\" BETWEEN CAST('2019-03-01' AS DATE) AND CAST('2019-04-30' AS DATE) GROUP BY CAST (\"@timestamp\" AS DATE)  " }

Got this error:

{
  "error": {
    "root_cause": [
      {
        "type": "folding_exception",
        "reason": "line 1:9: Cannot find grouping for 'CAST (\"@timestamp\" AS DATE)'"
      }
    ],
    "type": "folding_exception",
    "reason": "line 1:9: Cannot find grouping for 'CAST (\"@timestamp\" AS DATE)'"
  },
  "status": 400
}

Andrei_Stefan · November 20, 2019, 8:19am

Try this one:

SELECT HISTOGRAM(\"@timestamp\", INTERVAL 1 DAY) AS day, MAX(TotalCPULoadMIPS) AS PeakMips FROM testwebsphere WHERE \"@timestamp\" BETWEEN '2019-03-01T00:00:00.000Z' AND '2019-04-30T00:00:00.000Z' GROUP BY day

pgervais · November 20, 2019, 12:51pm

Andrei
Thank you very much for this. It works like a charm!

pgervais · November 20, 2019, 12:59pm

Andrei,
If i modify this slightly ( i removed the MAX operation) as shown below, i get no errors but get nothing back. Why?

POST /_sql?format=csv
{"query":"SELECT HISTOGRAM("@timestamp", INTERVAL 1 DAY) AS day, TotalCPULoadMIPS FROM testwebsphere WHERE "@timestamp" BETWEEN '2019-03-01T00:00:00.000Z' AND '2019-04-30T00:00:00.000Z' GROUP BY day" }

Andrei_Stefan · November 20, 2019, 10:16pm

Probably because the histogram is an aggregation in itself, which means the documents are grouped somehow (in your case they are grouped by day). And when you do an aggregation, you don't get the value of a field because there is no single value: each document in the group has a value for that specific field and it doesn't make sense to get back a value for a group of documents when each document can have a different value for that field.

Instead, you need to apply an aggregating value - like MAX, MIN, AVG - which act on all values of that specific field from that group of documents grouped by the histogram.

system · December 18, 2019, 10:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot use non-grouped column [sales_manager_name], expected [] Elasticsearch	3	2625	January 28, 2019
Group by query with select case when gives error: Connot use non-grouped column (Canvas elasticsearch sql) Kibana elastic-stack-sql , canvas	5	948	November 7, 2022
Cannot group using alias columns Elasticsearch elastic-stack-sql	1	534	February 10, 2022
Elasticsearch SQL in Kibana Kibana	6	601	September 11, 2019
Using @timestamp field in SQL queries Elasticsearch	3	5192	October 8, 2018

Cannot use non-grouped column error. How to get around this?

Related topics