Getting error while fetching Array field using elasticsearch-sql-cli

Hi Team,

I am using elasticsearch-sql-cli to fetch host.ip field value from an index called "filebeattest".
The value of host.ip is shown as "10.1.10.24, 2603:301b:1080:e000:250:56ff:fe87:4, fe80::250:56ff:fe87:4" in Kibana GUI.

But I am getting following error when I execute the sql query:
sql> select "host.ip" from filebeattest;
Server error [Server encountered an error [Arrays (returned by [host.ip]) are not supported]. [QlIllegalArgumentException[Arrays (returned by [host.ip]) are not supported]
at org.elasticsearch.xpack.ql.execution.search.extractor.AbstractFieldHitExtractor.unwrapMultiValue(AbstractFieldHitExtractor.java:168)
at org.elasticsearch.xpack.ql.execution.search.extractor.AbstractFieldHitExtractor.extractFromSource(AbstractFieldHitExtractor.java:262)
at org.elasticsearch.xpack.ql.execution.search.extractor.AbstractFieldHitExtractor.extract(AbstractFieldHitExtractor.java:149)
at org.elasticsearch.xpack.sql.execution.search.SearchHitRowSet.extractValue(SearchHitRowSet.java:128)

Can anyone please suggest any changes to make it work.

Thanks in advance,
Mahesh

@MaheshMali,

You've unfortunately stepped on a bug.
I've opened an issue to have it fixed.
Sorry for that.

Because of it, those fields containing multi-values (i.e. arrays) can't be selected currently with the CLI. It will work if you use the REST interface and set the field_multi_value_leniency parameter to true, if that could be a workaround for now.

Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.