Does Discover page support elastic query DSL in Kibana 4.6?

I am new to Kibana and ES. I am using Kibana 4.6 . I have read the Kibana 4.6 documentation and it says Discover page in Kibana supports full JSON DSL queries (Discover | Kibana Guide [8.11] | Elastic). But when I enter json query with aggregation it shows "Parse queries failed error". Can someone help me out? I am trying to visualize my search query but this error is blocking me. I am trying to run the following query. It runs fine in Sense.

{
"query": {
"regexp": {
"body.message": ".ended."
}
},
"aggs": {
"group_device": {
"terms": {
"field": "serialNumber"
},
"aggs": {
"group_state": {
"terms": {
"script": {
"lang": "groovy",
"file": "extract_state"
}
},
"aggs": {
"group_time": {
"avg": {
"script": {
"lang": "groovy",
"file": "extract_time"
}
}
}
}
}
}
}
}, "size" : 0
}

Can you capture a screenshot of the error and also check the Elasticsearch log to see what is the parse exception that is thrown?

1914×1013 43.9 KB

ES Logs

[2016-09-28 10:48:24,027][DEBUG][action.search ] [Penance II] [logs_test][1], node[SbDY-QgkTlm2O15ot4Z2Jw], [P], v[8], s[STARTED], a[id=5MfhOwekTH6rPWW56u33Nw]: Failed to execute [org.elasticsearch.action.search.SearchRequest@14fad732] lastShard [true]
RemoteTransportException[[Penance II][127.0.0.1:9300][indices:data/read/search[phase/query]]]; nested: SearchParseException[failed to parse search source [{"size":500,"sort":[{"_score":{"order":"desc","unmapped_type":"boolean"}}],"query":{"query":{"regexp":{"body.message":".ended."}},"aggs":{"group_device":{"terms":{"field":"serialNumber"},"aggs":{"group_state":{"terms":{"script":{"lang":"groovy","file":"extract_state"}},"aggs":{"group_time":{"avg":{"script":{"lang":"groovy","file":"extract_time"}}}}}}}},"size":0},"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"":{}},"require_field_match":false,"fragment_size":2147483647},"fields":["","_source"],"script_fields":{},"fielddata_fields":["createdAt","updatedAt"]}]]; nested: ElasticsearchParseException[failed to parse search source. expected field name but got [START_OBJECT]];
Caused by: SearchParseException[failed to parse search source [{"size":500,"sort":[{"_score":{"order":"desc","unmapped_type":"boolean"}}],"query":{"query":{"regexp":{"body.message":".ended."}},"aggs":{"group_device":{"terms":{"field":"serialNumber"},"aggs":{"group_state":{"terms":{"script":{"lang":"groovy","file":"extract_state"}},"aggs":{"group_time":{"avg":{"script":{"lang":"groovy","file":"extract_time"}}}}}}}},"size":0},"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"":{}},"require_field_match":false,"fragment_size":2147483647},"fields":["","_source"],"script_fields":{},"fielddata_fields":["createdAt","updatedAt"]}]]; nested: ElasticsearchParseException[failed to parse search source. expected field name but got [START_OBJECT]];
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:873)
at org.elasticsearch.search.SearchService.createContext(SearchService.java:667)
at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:633)
at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:377)
at org.elasticsearch.search.action.SearchServiceTransportAction$SearchQueryTransportHandler.messageReceived(SearchServiceTransportAction.java:368)
at org.elasticsearch.search.action.SearchServiceTransportAction$SearchQueryTransportHandler.messageReceived(SearchServiceTransportAction.java:365)
at org.elasticsearch.transport.TransportRequestHandler.messageReceived(TransportRequestHandler.java:33)
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:77)
at org.elasticsearch.transport.TransportService$4.doRun(TransportService.java:376)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: ElasticsearchParseException[failed to parse search source. expected field name but got [START_OBJECT]]
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:861)
... 12 more

It looks like you've only got part of your query in the Kibana query bar? This exception usually indicates you've got a malformed query but I can't see anything wrong with the full query you've shown and it appears to parse correctly in a JSON linter.

Thank you for the response. I have given entire query in the query bar, but only part is captured in screenshot. I am not sure what's wrong, it runs fine in sense. It would be really helpful, if you can give a sample aggregation query that runs in Kibana query bar,