"No query registered for [filter]"

alerting

(Mike Wurtz) #1

I can't figure out why I'm getting this response.. I'm pretty much taking this example from the documentation.. Why am I getting, "No query registered for [filter]" ?

Here's my request:
{ "trigger" : { "schedule" : { "interval" : "60s" } }, "input" : { "search" : { "request" : { "indices" : [ "logstash*" ], "body" : { "query" : { "filtered" : { "query" : {"match" : {"message": "HSM_DISCONNECTED"}}, "filter" : {"range" : {"@timestamp" : {"gte" : "now-1d"}}} } } } } } }, "condition" : { "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }} }, "actions" : { "log_error" : { "logging" : { "text" : "Found {{ctx.payload.hits.total}} errors in the logs" } }, "notify-slack" : { "throttle_period" : "15m", "slack" : { "account" : "monitoring", "message" : { "from" : "@elkbot", "to" : [ "@mwurtz" ], "text" : "HSM_DISCONNECTED!", "attachments" : [ { "title" : "Errors Found", "text" : "Encountered {{ctx.payload.hits.total}} errors in the last 5 minutes (facepalm)", "color" : "danger" } ] } } } } }

and here's my response:

{ "error": { "root_cause": [ { "type": "parsing_exception", "reason": "No query registered for [filter]", "line": 11, "col": 26 } ], "type": "parsing_exception", "reason": "No query registered for [filter]", "line": 11, "col": 26 }, "status": 400 }


(Alexander Reelsen) #2

Hey,

the docs are referring to a deprecated query. Instead of a filtered query containing of a query and a filter part, you can use a bool query, that consists of a must part (which contains the match query) and a filter part. See the bool query for more info.

Hope this helps.

--Alex


(Rajesh M) #3

wrong product
chosen


(Vladimír Čamaj) #4

Why one is good?


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.