Incorrect queries in docs?

Elastic Stack Kibana
1

I'm copy-pasting a query from this page: Scripted metric aggregation | Elasticsearch Guide [7.17] | Elastic

the query is

{
  "query": {
    "match_all": {}
  },
  "aggs": {
    "profit": {
      "scripted_metric": {
        "init_script": "state.transactions = []", 
        "map_script": "state.transactions.add(doc.type.value == 'sale' ? doc.amount.value : -1 * doc.amount.value)",
        "combine_script": "double profit = 0; for (t in state.transactions) { profit += t } return profit",
        "reduce_script": "double profit = 0; for (a in states) { profit += a } return profit"
      }
    }
  }
}

However, Kibana is throwing an error: "Request error: parsing_exception, [match_all] malformed query, expected [END_OBJECT] but found [FIELD_NAME]".
I understand that the query will not work on my cluster because of the field names, but this seems to be an issue with the format, and I'm not really why I'm getting this error? I tried different things and sometimes I get an error that "aggs" is an unknown field.

2

Hi Mohamed,

Welcome to the Elastic Community! :wave: I ran the below, which is pasted directly from the docs guide, against a test index of mine quickly which doesn't have the field names and I get a different error.

QUERY:

POST my_index/_search?size=0
{
  "query": {
    "match_all": {}
  },
  "aggs": {
    "profit": {
      "scripted_metric": {
        "init_script": "state.transactions = []", 
        "map_script": "state.transactions.add(doc.type.value == 'sale' ? doc.amount.value : -1 * doc.amount.value)",
        "combine_script": "double profit = 0; for (t in state.transactions) { profit += t } return profit",
        "reduce_script": "double profit = 0; for (a in states) { profit += a } return profit"
      }
    }
  }
}

ERROR:

"script": "state.transactions.add(doc.type.value == 'sale' ? doc.amount.value : -1 * doc.amount.value)",
          "lang": "painless",
          "position": {
            "offset": 26,
            "start": 0,
            "end": 91
          },
          "caused_by": {
            "type": "illegal_argument_exception",
            "reason": "No field found for [type] in mapping"
          }

I expect this error as I don't have that field in my index mapping. Can you share the mapping for the index you are running this query against? Can you also confirm you're running without any changes to the example?

3

Thank you very much for your reply @carly.richmond. I didn't change the examples, and I would have expected indeed an error regarding the non-existing names, but instead I got different errors, like the one I shared in the first post or sometimes about "aggs" not being recognized. I thought it was weird because these are defined keywords that should be recognized.

I guess my mistake is that I'm using this in Kibana to add filters, which uses DSL rather than the full ES query language. Still, some queries I copied directly from the DSL docs didn't work.

For example

{
  "query": {
    "bool": {
      "filter": {
        "script": {
          "script": """
            double amount = doc['amount'].value;
            if (doc['type'].value == 'expense') {
              amount *= -1;
            }
            return amount < 10;
          """
        }
      }
    }
  }
}

This is copied from this page: Script query | Elasticsearch Guide [7.17] | Elastic.

The problem there was with the format. It didn't accept the multi-line script.

I worked around the issues by creating simpler queries/filters, so I no longer need to use scripts or aggregations.

1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.