Hi,
If you haven't changed your query clause to what I recommend, you will get this error because there is a syntax problem in your query clause. You are not properly making an array of clauses in the filter section. You have to look closely at the matching {} brackets to see.
Please modify it to the following and you'll be fine:

    "query": {
      "bool": {
        "filter": [
          {
            "range": {
              "timestamp": {
                "gte": "now-3m"
              }
            }
          },
          {
            "match": {
              "message": "404"
            }
          }
        ]
      }
    }
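
An added example, not part of the original reply: a small Python check for the structural rule the reply describes, where each entry under filter is its own {} object holding exactly one query type. The malformed sample is constructed for illustration and is not the query from this thread; the function names are hypothetical.

```python
import json

BOOL_SECTIONS = ("must", "filter", "should", "must_not")

def check_clause(clause, path):
    """Return structural problems found in one query clause object."""
    if not isinstance(clause, dict):
        return [f"{path}: clause must be an object, got {type(clause).__name__}"]
    if len(clause) != 1:
        return [f"{path}: expected exactly one query type, found {sorted(clause)}"]
    (qtype, body), = clause.items()
    # Recurse into nested bool queries; other query types are leaves here.
    return check_bool(body, f"{path}.bool") if qtype == "bool" else []

def check_bool(body, path):
    """Check every clause in each section of a bool query."""
    if not isinstance(body, dict):
        return [f"{path}: bool body must be an object"]
    problems = []
    for section in BOOL_SECTIONS:
        if section in body:
            value = body[section]
            # A section may hold one clause object or an array of clauses.
            clauses = value if isinstance(value, list) else [value]
            for i, clause in enumerate(clauses):
                problems += check_clause(clause, f"{path}.{section}[{i}]")
    return problems

def check_query(text):
    """Parse a request body and report bracket or clause-structure problems."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON (check matching brackets): {exc}"]
    if not isinstance(doc, dict) or "query" not in doc:
        return ["top level: expected an object with a 'query' key"]
    return check_clause(doc["query"], "query")

# Constructed malformed body: range and match share one {} under filter.
BROKEN = ('{"query": {"bool": {"filter": {"range": {"timestamp": '
          '{"gte": "now-3m"}}, "match": {"message": "404"}}}}}')
# The corrected clause from the reply, wrapped in {} to form a full body.
FIXED = ('{"query": {"bool": {"filter": [{"range": {"timestamp": '
         '{"gte": "now-3m"}}}, {"match": {"message": "404"}}]}}}')

if __name__ == "__main__":
    for name, body in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_query(body) or "ok")
```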