Issues while using SQL queries with curl

tarund · March 11, 2020, 11:47am

Hi there,

I am trying to export data out of Elasticsearch into csv files using SQL queries through curl. Most of the basic queries work fine, but when I try to use LIKE operator or CASE WHEN operators, I get exceptions. Same queries work fine from Kibana dev console.
Can you please help ?
Please find below queries & exceptions recvd -

curl -XGET "http://20.62.27.19:9200/_sql?format=csv" -H 'Content-Type: application/json' -d'{ "query": "\n SELECT HISTOGRAM("@timestamp", INTERVAL 1 HOUR) AS t,COUNT(*) AS count\n FROM "rtransactions"\n WHERE event LIKE "mp%trof%"\n GROUP BY t\n " }'

"error":{"root_cause":[{"type":"parsing_exception","reason":"line 1:152: mismatched input '"mp%trof%"' expecting {'?', STRING}"}],"type":"parsing_exception","reason":"line 1:152: mismatched input '"mp%trof%"' expecting {'?', STRING}","caused_by":{"type":"input_mismatch_exception","reason":null}},"status":400}

matriv · March 11, 2020, 3:07pm

You need single quotes around the string literals and you need to escape them properly:

curl -XGET "http://20.62.27.19:9200/_sql?format=csv" -H 'Content-Type: application/json' -d'{ "query": "SELECT HISTOGRAM(\"@timestamp\", INTERVAL 1 HOUR) AS t,COUNT(*) AS count FROM \"rtransactions\" WHERE event LIKE '"'"'mp%trof%'"'"' GROUP BY t" }'

tarund · March 12, 2020, 6:34am

Thanks @matriv. it worked. I had tried both single & double quotes but I was using \ to escape.
Can you help me understand the syntax for escaping string literals.
I tried your solution inside a CASE WHEN clause, but that didn't work. It didn't throw an error, but the docs were not filtered and went in the ELSE block.

matriv · March 12, 2020, 11:18am

If it was SQL statement on the CLI for example it would simply be:

SELECT HISTOGRAM("@timestamp", INTERVAL 1 HOUR) AS t,COUNT(*) AS count FROM "rtransactions" WHERE event LIKE 'mp%trof%' GROUP BY t

Now since you are inside a json document you have to escape the " as \".
The single quotes wouldn't need escaping but because you are in the shell and you have an open ' for the body you have to escape them as shown.

tarund · March 12, 2020, 1:30pm

But it still doesn't work inside a CASE WHEN clause. It didn't throw an error, but the docs were not filtered and went in the ELSE block. Please suggest what am I missing ?

curl -XGET "http://20.62.27.19:9200/_sql?format=csv" -H 'Content-Type: application/json' -d'{ "query": " SELECT HISTOGRAM("@timestamp", INTERVAL 1 HOUR) AS t,COUNT(*) AS count, CASE WHEN labels.event LIKE '"'"'c%ato%'"'"' THEN 1 WHEN labels.event LIKE '"'"'c%rot%'"'"' THEN 2 ELSE 4 END AS type FROM "atransaction" GROUP BY t,type " }'

matriv · March 12, 2020, 3:10pm

@tarund,

You still need to escape the " around @timestamp and atransaction with \.
There is a bug regarding the usage of LIKE inside another scalar function (in your case: CASE WHEN ... ELSE ... END).

Thanks for catching that!

system · April 9, 2020, 3:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with SQL query when using RLIKE or LIKE function Kibana elastic-stack-sql	6	1151	June 29, 2021
Error with _sql query with curl Elasticsearch eql-elastic-query-language	5	771	March 3, 2022
Export CSV data from Elasticsearch using Logstash Logstash	3	452	May 27, 2021
Sql access query not working via curl Elasticsearch elastic-stack-sql	9	2635	February 28, 2020
cURL - Could not get simple GET to work Elasticsearch	5	4266	May 3, 2018

Issues while using SQL queries with curl

Related Topics