Error : There are no external requests known to support wildcards that don't support replacing their indices

Hi,
I was wondering if anyone could help me with my problem:

I have a template, and a number of indices are mapped using the template.
i.e.
cdr_xyz_1234
cdr_xyz_5689
cdr_xyz_9876

I run a search query on all the indices and it works fine:
GET cdr_xyz_*/_search
{
  "size": 10000,
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "call_datetime_iso": {
              "gte": "2019-11-20"
            }
          }
        }
      ]
    }
  }
}

But if I run an aggregate search query:

GET cdr_xyz_*/_serach
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {"match": {"call_type": "MOBILE"}}
      ]
    }
  },
  "aggs": {
    "account": {
      "terms": {"field": "accountid.keyword"},
      "aggs": {
        "calls_over_time": {
          "date_histogram": {"field": "call_datetime_iso", "interval": "week"}
        }
      }
    }
  }
}

I get this:
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "action [indices:admin/create] is unauthorized for user [elastic]"
      }
    ],
    "type": "security_exception",
    "reason": "action [indices:admin/create] is unauthorized for user [elastic]",
    "caused_by": {
      "type": "illegal_state_exception",
      "reason": "There are no external requests known to support wildcards that don't support replacing their indices"
    }
  },
  "status": 403
}

I even created a user with a role which has all privileges on "cdr_xyz_*", but I still get the same error.
Could you please tell me how to resolve this issue?

Many thanks

Try _search.

Thanks Geln. That was a mistype when I created the sample.
I changed the {"terms": {"field": "accountid.keyword"} to {"terms": {"field": "accountid"} and it seems to work, but I don't know why, as the accountid is mapped as keyword!!
