We have currently an Elastic Search Stack release 6.2.4 installed on our server. It was updated from 5.2 (via 5.6). I've been trying to search all entries where the field "session" begins with a specific uuid, using filters such as the following:
{
"query": {
"regexp": {
"session": "767c0e43-70bd-4603-b1c7-ff719dd2f5b6.*"
}
}
}
But with this particular regular exception, it throws me the following exception:
Discover: Unable to parse/serialize body
Error: Unable to parse/serialize body
ErrorAbstract@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:111:151667
errors.Serialization@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:111:152992
respond@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:111:161112
checkRespForFailure@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:111:160796
AngularConnector.prototype.request/<@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:105:285482
processQueue@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:58:132456
scheduleProcessQueue/<@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:58:133349
$digest@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:58:144239
$apply@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:58:147007
done@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:58:100015
completeRequest@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:58:104697
createHttpBackend/</xhr.onload@http://[redacted]:5601/bundles/vendors.bundle.js?v=16627:58:105435
The filter is obviously well-formed JSON and I've checked with a POST _search
that the data it gets from Elasticsearch are well-formed too. The weird thing is that with other (expected) value in the regexp Kibana does display the search result without any issue.
I've also looked in the elasticsearch logs and used journalctl -u kibana.service
but I am at a loss as to why this particular filter fails.
EDIT: Maybe there is an alternative way to achieve what I want to achieve without triggering any "Unable to parse" exception?
EDIT2: The HTTP response when doing the search seems to be truncated and this is the reason why it fails. Now to find out why it is the case and how to fix that.
EDIT3: I got evidence of other use case where the JSON response was truncated the same way, without using the regexp filter.