Elasticsearch Malformed Query, Expected [END_OBJECT] but found [Field_Name]

Hello,
I am trying to run a reindex with a query but am getting the error Malformed Query, Expected [END_OBJECT] but found [Field_Name].

{
  "source": {
    "index": "index-*",
    "_source" : [ "@timestamp", "message"],
    "query": {
      "bool": {
        "filter": [
          {
            "term": {
              "log.file.path": "server.log"
            },
            "range": {
              "@timestamp": {
                "gte": "now-2d/d",
                "lte": "now/d"
              }
            }
          }
        ],
        "should": [
          {
            "match_phrase": {
              "message": "response"
            }
          },
          {
            "match_phrase": {
              "message": "request"
            }
          }
        ],
        "minimum_should_match": 1
      }
    }
  },
  "dest": {
    "index": "test-001"
  }
}

(I am trying to filter documents from the index that contain "log.file.path" as "server.log" and contain either "request" or "response", and I am also trying to get only the last 24 hours of documents. Everything else works if I remove the range @timestamp part.)

Hi @elrozario

The error is in Filter.

Try this:

"filter": [
  {
    "term": {
      "log.file.path": "server.log"
    }
  },
  {
    "range": {
      "@timestamp": {
        "gte": "now-2d/d",
        "lte": "now/d"
      }
    }
  }
]
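The same fix as a pre-flight check, as an added example that is not part of the original posts and not an Elasticsearch API: it walks a "bool" body, reports any clause object that holds more than one query type, and splits it the way the answer above does. The names split_clauses and QUESTION_BOOL are hypothetical, and the input is constructed from the query in the question.

```python
# Added example; helper names are hypothetical, not an Elasticsearch API.
OCCURRENCES = ("filter", "must", "should", "must_not")


def split_clauses(bool_body, path="query.bool", findings=None):
    """Return (fixed_bool_body, findings) for one "bool" query body.

    Every clause object must hold exactly one key, the query type. Sibling
    keys such as "term" and "range" in one object are what the parser
    rejects with "Expected [END_OBJECT] but found [Field_Name]".
    """
    findings = [] if findings is None else findings
    fixed = {}
    for key, value in bool_body.items():
        if key not in OCCURRENCES:
            fixed[key] = value  # e.g. minimum_should_match
            continue
        clauses = value if isinstance(value, list) else [value]
        fixed[key] = []
        for i, clause in enumerate(clauses):
            where = f"{path}.{key}[{i}]"
            if len(clause) > 1:
                findings.append(f"{where}: {sorted(clause)} share one object")
            for query_type, body in clause.items():
                if query_type == "bool":  # nested bool: check it too
                    body, _ = split_clauses(body, f"{where}.bool", findings)
                # One object per query type. Under filter/must this keeps
                # the AND meaning; review should/must_not findings by hand.
                fixed[key].append({query_type: body})
    return fixed, findings


# Constructed input: the bool query from the question above.
QUESTION_BOOL = {
    "filter": [{
        "term": {"log.file.path": "server.log"},
        "range": {"@timestamp": {"gte": "now-2d/d", "lte": "now/d"}},
    }],
    "should": [
        {"match_phrase": {"message": "response"}},
        {"match_phrase": {"message": "request"}},
    ],
    "minimum_should_match": 1,
}

if __name__ == "__main__":
    import json
    fixed, findings = split_clauses(QUESTION_BOOL)
    print("\n".join(findings))
    print(json.dumps(fixed, indent=2))
```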

Hi @RabBit_BR

Thank you for the solution.

This is working after I modified the "filter" as you advised.

Regards,
Elizabeth
