I can't figure out why I'm getting this response. I'm pretty much taking this example from the documentation. Why am I getting "No query registered for [filter]"?
Here's my request:
{
  "trigger" : {
    "schedule" : { "interval" : "60s" }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logstash*" ],
        "body" : {
          "query" : {
            "filtered" : {
              "query" : { "match" : { "message" : "HSM_DISCONNECTED" } },
              "filter" : { "range" : { "@timestamp" : { "gte" : "now-1d" } } }
            }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 } }
  },
  "actions" : {
    "log_error" : {
      "logging" : {
        "text" : "Found {{ctx.payload.hits.total}} errors in the logs"
      }
    },
    "notify-slack" : {
      "throttle_period" : "15m",
      "slack" : {
        "account" : "monitoring",
        "message" : {
          "from" : "@elkbot",
          "to" : [ "@mwurtz" ],
          "text" : "HSM_DISCONNECTED!",
          "attachments" : [
            {
              "title" : "Errors Found",
              "text" : "Encountered {{ctx.payload.hits.total}} errors in the last 5 minutes (facepalm)",
              "color" : "danger"
            }
          ]
        }
      }
    }
  }
}
And here's my response:
{
  "error": {
    "root_cause": [
      {
        "type": "parsing_exception",
        "reason": "No query registered for [filter]",
        "line": 11,
        "col": 26
      }
    ],
    "type": "parsing_exception",
    "reason": "No query registered for [filter]",
    "line": 11,
    "col": 26
  },
  "status": 400
}