ParsingException[[match] unknown token [START_OBJECT] after [query]]

varun_kumar2 · October 13, 2017, 2:57pm

Getting error

"input": {
            "search": {
             
              "request": {
                "search_type": "query_then_fetch",
                "indices": [
                  "logstash-*"
                ],
                "types": [
                  "logevent"
                ],
                "body": {
                  "query": {
                    "bool": {
                      "must": [
                        {
                          "match": {
                            "level": "Error"
                          }
                        },
                        {
                          "match": {
                            "fields.ApplicationName": "LeadProcessors"
                          }
                        },
                        {
                          "match": {
                            "message": {
                              "query":{ "match_phrase_prefix":"System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
                              }
                            }
                          }
                        }
                      ]
                    }
                  },
                  "sort": [
                    {
                      "@timestamp": "desc"
                    }
                  ],
                  "filter": {
                    "range": {
                      "@timestamp": {
                        "from": "now-20m",
                        "to": "now"
                      }
                    }
                  }
                 
              }
              }
            }
          },

Here is the output

{
  "_id": "Integrations.CRMDecorator.LeadsNotFoundInCRM_ac89ac1f-89d7-497d-bc20-08f55160790f-2017-10-13T14:51:27.848Z",
  "watch_record": {
    "watch_id": "Integrations.CRMDecorator.LeadsNotFoundInCRM",
    "state": "failed",
    "_status": {
      "state": {
        "active": true,
        "timestamp": "2017-10-13T14:50:52.176Z"
      },
      "actions": {
        "send_email": {
          "ack": {
            "timestamp": "2017-10-13T14:50:52.176Z",
            "state": "awaits_successful_execution"
          }
        }
      }
    },
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-10-13T14:51:27.848Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2017-10-13T14:51:27.848Z"
        }
      }
    },
    "input": {
      "search": {
        "request": {
          "search_type": "query_then_fetch",
          "indices": [
            "logstash-*"
          ],
          "types": [
            "logevent"
          ],
          "body": {
            "query": {
              "bool": {
                "must": [
                  {
                    "match": {
                      "level": "Error"
                    }
                  },
                  {
                    "match": {
                      "fields.ApplicationName": "LeadProcessors"
                    }
                  },
                  {
                    "match": {
                      "message": {
                        "query": {
                          "match_phrase_prefix": "System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
                        }
                      }
                    }
                  }
                ]
              }
            },
            "sort": [
              {
                "@timestamp": "desc"
              }
            ],
            "filter": {
              "range": {
                "@timestamp": {
                  "from": "now-20m",
                  "to": "now"
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "script": {
        "inline": "if (ctx.payload.aggregations.minutes20.buckets.size() == 0) return false;def latest = ctx.payload.aggregations.minutes20.buckets[-1]; return latest.occurences.buckets.anyMatch(it->it.doc_count > 0);",
        "lang": "painless"
      }
    },
    "result": {
      "execution_time": "2017-10-13T14:51:27.848Z",
      "execution_duration": 0,
      "input": {
        "type": "search",
        "status": "failure",
        "reason": "ParsingException[[match] unknown token [START_OBJECT] after [query]]",
        "search": {
          "request": {
            "search_type": "query_then_fetch",
            "indices": [
              "logstash-*"
            ],
            "types": [
              "logevent"
            ],
            "body": {
              "query": {
                "bool": {
                  "must": [
                    {
                      "match": {
                        "level": "Error"
                      }
                    },
                    {
                      "match": {
                        "fields.ApplicationName": "LeadProcessors"
                      }
                    },
                    {
                      "match": {
                        "message": {
                          "query": {
                            "match_phrase_prefix": "System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
                          }
                        }
                      }
                    }
                  ]
                }
              },
              "sort": [
                {
                  "@timestamp": "desc"
                }
              ],
              "filter": {
                "range": {
                  "@timestamp": {
                    "from": "now-20m",
                    "to": "now"
                  }
                }
              }
            }
          }
        }
      },
      "actions": []
    },
    "messages": [
      "failed to execute watch input"
    ]
  }
}

spinscale · October 16, 2017, 9:13am

can you paste the full/complete watch please?

varun_kumar2 · October 16, 2017, 10:27am

  PUT _xpack/watcher/watch/Integrations.CRMDecorator.LeadsNotFoundInCRM/
{
          "trigger": {
            "schedule": {
              "interval": "20m"
            }
          },
          "input": {
            "search": {
              "request": {
                "search_type": "query_then_fetch",
                "indices": [
                  "logstash-*"
                ],
                "types": [
                  "logevent"
                ],
                "body": {
                  "query": {
                    "bool": {
                      "must": [
                        {
                          "match": {
                            "level": "Error"
                          }
                        },
                        {
                          "match": {
                            "fields.ApplicationName": "LeadProcessors"
                          }
                        },
                        {
                    "match": {
                      "message": {
                        "query": {
                          "match_phrase_prefix": "System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
                        }
                      }
                    }
                  }
                ]
              }
            },
                  "sort": [
                    {
                      "@timestamp": "desc"
                    }
                  ],
                  "filter": {
                    "range": {
                      "@timestamp": {
                        "from": "now-20m",
                        "to": "now"
                      }
                    }
                  }
              }
              }
            }
          },
          "condition": {
            "script": {
              "inline": "if (ctx.payload.aggregations.minutes20.buckets.size() == 0) return false;def latest = ctx.payload.aggregations.minutes20.buckets[-1]; return latest.occurences.buckets.anyMatch(it->it.doc_count > 0);",
              "lang":"painless"
 }
          },
          "actions": {
            "send_email": {    "email": {
                "profile": "standard",
                "attach_data": {
                  "format": "json"
                },
                "from": "noreply-watcher@ABC.edu",
                "to": [
                  "vkumar@ABC.edu",
                  "ppabolu@ABC.edu"
                ],
                "subject": "QCE leads not found in CRM",
                "body": {
                  "html": {
                    "inline": "<h1>LG: QCE (Quick Contact Entry) leads not found in CRM</h1><p>View the dashboard <a href=\"http://elc.dashboard.ABCcorp.com/app/kibana#/dashboard/LeadsGateway-CRM-Decorator-LeadsNotFoundInCRM?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'{{ctx.vars.from}}',mode:absolute,to:'{{ctx.trigger.triggered_time}}'))\">here</a>.</p><p>These errors are associated with the leads which originated from CRM (aka, QCE – Quick Contact Entry). When a lead is posted to Leads Gateway from the CRM before it has been fully committed (saved) into CRM, or if QCE was deleted in CRM shortly after it has been posted to LG, the Leads Processor (CRMDecorator) will be unable to get the needed lead data and will throw this error. After 10 retries (with delays in between) the lead will be put into a Dead Letter queue. The lead will have to be deleted from DL queue, and re-entered into CRM if there has not been another QCE already successfully entered by that time.</p><table border='1'><th>Occurences</th><th>InnerMessage</th>{{#ctx.payload._value}}<tr><td>{{doc_count}}</td><td>{{key}}</td></tr>{{/ctx.payload._value}}</table>"
                  }
                }
              }
            }
          },
          "_status": {
            "state": {
              "active": true,
              "timestamp": "2017-09-10T09:11:11.139Z"
            },
            "actions": {
              "send_email": {
                "ack": {
                  "timestamp": "2017-02-10T16:41:44.121Z",
                  "state": "awaits_successful_execution"
                }
              }
            },
            "last_checked": "2017-09-10T01:21:09.832Z"
          }
        }

spinscale · October 18, 2017, 10:32am

Hey,

a part of your query is not a valid query at all. You can just copy your query into a _search action in see it for yourself

        {
          "match": {
            "message": {
              "query": {
                "match_phrase_prefix": "System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
              }
            }
          }
        }

this is the offending part. the query part is wrong. See the match query docs at https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl-match-query.html

--Alex

system · November 15, 2017, 10:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ParsingException[Unknown key for a START_OBJECT in [filter].] Elasticsearch	4	6399	November 15, 2017
SOLVED - Error on query for ML Job Elasticsearch elastic-stack-machine-learning	2	2144	October 29, 2018
Facing issue while starting elasticsearch Elasticsearch	4	4956	January 9, 2019
Watcher error unexpected token [START_OBJECT]" Elasticsearch	1	1960	July 5, 2017
Parse Failure [Expected [START_OBJECT] under [filter], but got a [START_ARRAY Elasticsearch	2	9898	July 6, 2017

ParsingException[[match] unknown token [START_OBJECT] after [query]]

Related topics