Description:
The application has the ability to filter the data by key values, for example to display all items in which "Result: success".
For one of the keys, the value is always in the form of a JS object, with quotes, etc. This results in Elasticsearch not being able to parse the JSON correctly. For example, we are looking for all items in which the property changeSet: {'filteringRuleName': null}
The question is: how to work with such a request so that Elastic can process it normally?

Fragment of a working request *(in this case, I am looking for data with property action = EDIT)*:

```json
"query_string": { "query": "action:EDIT"}
```

Fragment of a non-working query example *(in this case, I am looking for data whose property changeSet = {'filteringRuleName': null})*:

```json
"query_string": { "query": "changeSet:{'filteringRuleName':null}"}
```

Returned error code:

```json
"reason": {
  "type": "query_shard_exception",
  "reason": "Failed to parse query [changeSet:{'filteringRuleName':null}]",
  "index_uuid": "h0xXZj0eQGWrSIYTcfv5nQ",
  "index": "cxc-audit-22-30-2021.02.05",
  "caused_by": {
    "type": "parse_exception",
    "reason": "parse_exception: Cannot parse 'changeSet:{'filteringRuleName':null}': Encountered \" \"}\" \"} \"\" at line 1, column 35.\nWas expecting:\n \"TO\" ...\n ",
    "caused_by": {
      "type": "parse_exception",
      "reason": "parse_exception: Encountered \" \"}\" \"} \"\" at line 1, column 35.\nWas expecting:\n \"TO\" ...\n "
    }
  }
}
```
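
An added example, not part of the original post: `query_string` uses the Lucene query syntax, where `{` and `}` delimit an exclusive range (hence `Was expecting: "TO"`), so a value taken from data or user input has to be escaped or quoted before it is spliced into the query. The helper names below are hypothetical, and whether the escaped query matches any document depends on how `changeSet` is mapped and analyzed, which the post does not show.

```python
import json

# Characters the query_string (Lucene) syntax treats as operators.
# '{' and '}' open and close an exclusive range, which is what the parser
# in the error above was trying to read.
RESERVED = set('+-=&|!(){}[]^"~*?:\\/')


def escape_term(value: str) -> str:
    # Backslash-escape reserved characters so the value parses as one term.
    # '<' and '>' cannot be escaped in query_string, so they are dropped;
    # whitespace is escaped so it does not split the value into clauses.
    out = []
    for ch in value:
        if ch in "<>":
            continue
        if ch in RESERVED or ch.isspace():
            out.append("\\")
        out.append(ch)
    return "".join(out)


def quote_phrase(value: str) -> str:
    # Inside double quotes only the backslash and the double quote itself
    # still need escaping.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def field_query(field: str, value: str, phrase: bool = False) -> dict:
    # Assumption: `field` is a trusted, fixed name; only `value` is untrusted.
    rendered = quote_phrase(value) if phrase else escape_term(value)
    return {"query_string": {"query": f"{field}:{rendered}"}}


if __name__ == "__main__":
    value = "{'filteringRuleName':null}"  # value from the failing request
    print(json.dumps(field_query("changeSet", value)))
    print(json.dumps(field_query("changeSet", value, phrase=True)))
```

Serialising the body with `json.dumps` adds the second level of escaping that JSON requires for each backslash, so the two layers (Lucene syntax, then JSON) are never mixed by hand.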