Elasticsearch search


There is a document in this way in ElasticSearch 6.8 Version
"_index": "XYZ-1582934400000",
"_type": "XYZ",
"_id": "bn1top/10006979936515",
"_score": 11.2877655,

When i run the below command, its running ok and returning one document
curl "http://username:password@hostname:8080/XYZ/_search?default_operator=AND&q=rmaid%3Abn1top&size=2"

But when i run this command, its giving error
curl "http://username:password@hostname:8080/_sql?format=txt" -d "{"query" : "select * from XYZ limit 10" }"

403 Forbidden

403 Forbidden

nginx/1.10.3 (Ubuntu)

Could you please help me identify what's the issue.


ElasticSearch 6.8 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns :elasticheart: )

Wrong syntax see here

And please upgrade as a matter of urgency

POST /_xpack/sql?format=txt
    "query": "SELECT * FROM library ORDER BY page_count DESC LIMIT 5"

There looks to be nginx proxy in front of Elasticsearch, you might want to talk directly to Elasticsearch.

1 Like

I will talk to my team about ES Version.

Revised my command but its still failing

curl -v "http://username:password@hostname:8080/_xpack/sql?format=txt" -d "{"query" : "select fieldname from xyz limit 10" }" -H "Content-Type: application/json"

* Server auth using Basic with user '...'
> POST /_xpack/sql?format=txt HTTP/1.1
> Host: ...
> Authorization: Basic ...
> User-Agent: curl/7.79.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 55
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Server: nginx/1.10.3 (Ubuntu)
< Date: Tue, 28 Jun 2022 08:47:57 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
* Connection #0 to host ... left intact


Again, you are talking to an nginx proxy. You need to talk to Elasticsearch on port 9200 to make sure this is not an nginx issue.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.