Elasticsearch watcher error for RANGE query

Hi everyone. It would be helpful if someone could help me with this.
PUT _xpack/watcher/watch/log_error_watch
{
  "trigger": {
    "schedule": {
      "interval": "10s"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": [
          "filebeat-2017.01.02"
        ],
        "body": {
          "sort": [
            {
              "@timestamp": {
                "order": "desc"
              }
            }
          ],
          "query": {
            "range": {
              "offset": {
                "gte": 1000,
                "lte": 2000
              }
            },
            "match": {
              "source": "/var/log/apache2/access.log"
            }
          },
          "size": 5
        }
      }
    }
  }
}

o.e.m.j.JvmGcMonitorService] [hj-test156] [gc][11042] overhead, spent [701ms] collecting in the last [1s]
[2017-01-02T15:32:04,311][ERROR][o.e.x.w.i.s.ExecutableSimpleInput] [hj-test156] failed to execute [search] input for watch [log_error_watch], reason [[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME]]

Hey,

You should use the bool query to combine the range and match queries.

The part of the query then should look like the following:

"query": {
  "bool": {
    "must": [
      {
        "range": {
          "offset": {
            "gte": 1000,
            "lte": 2000
          }
        }
      },
      {
        "match": {
          "source": "/var/log/apache2/access.log"
        }
      }
    ]
  }
}
2 Likes
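
A pre-deployment check for this mistake, as an added example that is not part of the original thread: the log above shows the malformed query only surfacing when the watch executes, so an alerting watch can fail silently on every run. The function names `find_multi_clause_queries` and `wrap_in_bool_must` are hypothetical, the sample is constructed from the watch in the question, and the check is a heuristic that treats any `"query"` object with more than one key as a fault.

```python
import json

# Constructed sample: the search input from the question, trimmed to the query.
BROKEN_WATCH = json.loads("""
{"input": {"search": {"request": {
  "indices": ["filebeat-2017.01.02"],
  "body": {"size": 5, "query": {
    "range": {"offset": {"gte": 1000, "lte": 2000}},
    "match": {"source": "/var/log/apache2/access.log"}
  }}
}}}}
""")


def find_multi_clause_queries(node, path="$"):
    """Return paths of every "query" object holding more than one clause."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "query" and isinstance(value, dict) and len(value) > 1:
                hits.append(child)
            hits.extend(find_multi_clause_queries(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_multi_clause_queries(item, f"{path}[{i}]"))
    return hits


def wrap_in_bool_must(node):
    """Return a copy where each multi-clause "query" becomes bool/must."""
    if isinstance(node, list):
        return [wrap_in_bool_must(item) for item in node]
    if not isinstance(node, dict):
        return node
    fixed = {}
    for key, value in node.items():
        value = wrap_in_bool_must(value)
        if key == "query" and isinstance(value, dict) and len(value) > 1:
            # Each sibling clause becomes its own entry in bool/must.
            value = {"bool": {"must": [{k: v} for k, v in value.items()]}}
        fixed[key] = value
    return fixed


if __name__ == "__main__":
    print(find_multi_clause_queries(BROKEN_WATCH))
    print(json.dumps(wrap_in_bool_must(BROKEN_WATCH), indent=2))
```
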

Thank you Nick for the help :slight_smile:
