[multi_match] unknown token [START_ARRAY] after [query]

anujtom · March 26, 2025, 11:54am

Hi,

I am trying to fetch fields within same attribute to send response.

Fetch "abc" "yui" pattern from full_message attribute.

GET /my_index/_search
{
"query": {
"multi_match": {
"query": [ "abc" , "yui" ] ,
"fields": "full_message"
}
}
}

Response:-

{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[multi_match] unknown token [START_ARRAY] after [query]",
"line": 4,
"col": 18
}
],
"type": "parsing_exception",
"reason": "[multi_match] unknown token [START_ARRAY] after [query]",
"line": 4,
"col": 18
},
"status": 400
}

Can someone please help

RabBit_BR · March 26, 2025, 12:10pm

Hi @anujtom Welcome!

The query is incorrect, try as the documentation says:

GET /_search
{
  "query": {
    "multi_match" : {
      "query":    "this is a test", 
      "fields": [ "subject", "message" ] 
    }
  }
}

anujtom · May 20, 2025, 11:36am

Hi,

GET /index1/_search
{
"size": 10000,
"query": {
"bool": {
"filter": [
{
"match_phrase": {
"agent.name": ["localhost1","localhost2",""localhost3"]
}
}
]
}
},
"fields": [
"full_message",
"agent.name"
],
"_source": false
}

I am trying to return full_message and agent_name from all the hosts(localhost1, localhost2...localhostN) but it seems array input not working with match_phrase

Below is the error:-

{
"error": {
"root_cause": [
{
"type": "x_content_parse_exception",
"reason": "[1:122] [bool] failed to parse field [filter]"
}
],
"type": "x_content_parse_exception",
"reason": "[1:122] [bool] failed to parse field [filter]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Expected text at 1:122 but found START_ARRAY"
}
},
"status": 400
}

Tortoise · May 20, 2025, 12:26pm

Hi,

There seems to be a syntax error for below : 2 quotes instead of 1
""localhost3"

GET /index1/_search
{
"size": 10000,
"query": {
"bool": {
"filter": [
{
"match_phrase": {
"agent.name": ["localhost1","localhost2",""localhost3"]
}
}
]
}
},
"fields": [
"full_message",
"agent.name"
],
"_source": false
}

Thanks!!

anujtom · May 20, 2025, 12:57pm

Not working even after removing wrong syntax by mistake:-

GET /index1/_search
{
"size": 10000,
"query": {
"bool": {
"filter": [
{
"match_phrase": {
"agent.name": ["localhost1","localhost2","localhost3"]
}
}
]
}
},
"fields": [
"full_message",
"agent.name"
],
"_source": false
}

My simple ask is to return full_message and agent_name field from all the Hosts which mentioned in match_phrase condition
Error:-

{
"error": {
"root_cause": [
{
"type": "x_content_parse_exception",
"reason": "[1:122] [bool] failed to parse field [filter]"
}
],
"type": "x_content_parse_exception",
"reason": "[1:122] [bool] failed to parse field [filter]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Expected text at 1:122 but found START_ARRAY"
}
},
"status": 400
}

Christian_Dahlqvist · May 20, 2025, 1:14pm

I don't think I have ever seen match_phrase used with an array. Maybe try to a bool query with 3 separate match_phrase queries under should clauses?

Topic		Replies	Views
Getting "parsing_exception","reason":"[terms] unknown token [END_ARRAY] trying to do multiple field filter Elasticsearch	2	7917	May 15, 2017
Using match phrase in multiple fields Elasticsearch	1	583	July 5, 2017
Query string syntax for exact match against array field? Elasticsearch	5	5533	July 6, 2017
Phrase query matches across array elements? Elasticsearch	6	2424	July 6, 2017
How to use exact match in multi_match using elasticsearch php Elasticsearch	2	3560	July 5, 2017

[multi_match] unknown token [START_ARRAY] after [query]

Related topics