Elasticsearch search

chandramouli_ravi · June 28, 2022, 4:34am

Hi,

There is a document in this way in ElasticSearch 6.8 Version
"_index": "XYZ-1582934400000",
"_type": "XYZ",
"_id": "bn1top/10006979936515",
"_score": 11.2877655,

When i run the below command, its running ok and returning one document
curl "http://username:password@hostname:8080/XYZ/_search?default_operator=AND&q=rmaid%3Abn1top&size=2"

But when i run this command, its giving error
curl "http://username:password@hostname:8080/_sql?format=txt" -d "{"query" : "select * from XYZ limit 10" }"

403 Forbidden

nginx/1.10.3 (Ubuntu)

Could you please help me identify what's the issue.

Thanks,
Chandra

system · June 28, 2022, 4:34am

ElasticSearch 6.8 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

stephenb · June 28, 2022, 4:48am

Wrong syntax see here

And please upgrade as a matter of urgency

POST /_xpack/sql?format=txt
{
    "query": "SELECT * FROM library ORDER BY page_count DESC LIMIT 5"
}

warkolm · June 28, 2022, 4:51am

There looks to be nginx proxy in front of Elasticsearch, you might want to talk directly to Elasticsearch.

chandramouli_ravi · June 28, 2022, 8:49am

I will talk to my team about ES Version.

Revised my command but its still failing

curl -v "http://username:password@hostname:8080/_xpack/sql?format=txt" -d "{"query" : "select fieldname from xyz limit 10" }" -H "Content-Type: application/json"

Trying 10.0.71.26:8080...
Connected to mt.analytical-elasticsearch.service.prod1.riskmatch.com (10.0.71.26) port 8080 (#0)

* Server auth using Basic with user '...'
> POST /_xpack/sql?format=txt HTTP/1.1
> Host: ...
> Authorization: Basic ...
> User-Agent: curl/7.79.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 55
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Server: nginx/1.10.3 (Ubuntu)
< Date: Tue, 28 Jun 2022 08:47:57 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
</body>
</html>
* Connection #0 to host ... left intact

Thanks,
Chandra

warkolm · June 28, 2022, 10:36am

Again, you are talking to an nginx proxy. You need to talk to Elasticsearch on port 9200 to make sure this is not an nginx issue.

system · July 26, 2022, 10:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.