ParsingException[[match] unknown token [START_OBJECT] after [query]]

varun_kumar2 · October 13, 2017, 2:57pm

Getting error

"input": {
            "search": {
             
              "request": {
                "search_type": "query_then_fetch",
                "indices": [
                  "logstash-*"
                ],
                "types": [
                  "logevent"
                ],
                "body": {
                  "query": {
                    "bool": {
                      "must": [
                        {
                          "match": {
                            "level": "Error"
                          }
                        },
                        {
                          "match": {
                            "fields.ApplicationName": "LeadProcessors"
                          }
                        },
                        {
                          "match": {
                            "message": {
                              "query":{ "match_phrase_prefix":"System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
                              }
                            }
                          }
                        }
                      ]
                    }
                  },
                  "sort": [
                    {
                      "@timestamp": "desc"
                    }
                  ],
                  "filter": {
                    "range": {
                      "@timestamp": {
                        "from": "now-20m",
                        "to": "now"
                      }
                    }
                  }
                 
              }
              }
            }
          },

Here is the output

{
  "_id": "Integrations.CRMDecorator.LeadsNotFoundInCRM_ac89ac1f-89d7-497d-bc20-08f55160790f-2017-10-13T14:51:27.848Z",
  "watch_record": {
    "watch_id": "Integrations.CRMDecorator.LeadsNotFoundInCRM",
    "state": "failed",
    "_status": {
      "state": {
        "active": true,
        "timestamp": "2017-10-13T14:50:52.176Z"
      },
      "actions": {
        "send_email": {
          "ack": {
            "timestamp": "2017-10-13T14:50:52.176Z",
            "state": "awaits_successful_execution"
          }
        }
      }
    },
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-10-13T14:51:27.848Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2017-10-13T14:51:27.848Z"
        }
      }
    },
    "input": {
      "search": {
        "request": {
          "search_type": "query_then_fetch",
          "indices": [
            "logstash-*"
          ],
          "types": [
            "logevent"
          ],
          "body": {
            "query": {
              "bool": {
                "must": [
                  {
                    "match": {
                      "level": "Error"
                    }
                  },
                  {
                    "match": {
                      "fields.ApplicationName": "LeadProcessors"
                    }
                  },
                  {
                    "match": {
                      "message": {
                        "query": {
                          "match_phrase_prefix": "System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
                        }
                      }
                    }
                  }
                ]
              }
            },
            "sort": [
              {
                "@timestamp": "desc"
              }
            ],
            "filter": {
              "range": {
                "@timestamp": {
                  "from": "now-20m",
                  "to": "now"
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "script": {
        "inline": "if (ctx.payload.aggregations.minutes20.buckets.size() == 0) return false;def latest = ctx.payload.aggregations.minutes20.buckets[-1]; return latest.occurences.buckets.anyMatch(it->it.doc_count > 0);",
        "lang": "painless"
      }
    },
    "result": {
      "execution_time": "2017-10-13T14:51:27.848Z",
      "execution_duration": 0,
      "input": {
        "type": "search",
        "status": "failure",
        "reason": "ParsingException[[match] unknown token [START_OBJECT] after [query]]",
        "search": {
          "request": {
            "search_type": "query_then_fetch",
            "indices": [
              "logstash-*"
            ],
            "types": [
              "logevent"
            ],
            "body": {
              "query": {
                "bool": {
                  "must": [
                    {
                      "match": {
                        "level": "Error"
                      }
                    },
                    {
                      "match": {
                        "fields.ApplicationName": "LeadProcessors"
                      }
                    },
                    {
                      "match": {
                        "message": {
                          "query": {
                            "match_phrase_prefix": "System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
                          }
                        }
                      }
                    }
                  ]
                }
              },
              "sort": [
                {
                  "@timestamp": "desc"
                }
              ],
              "filter": {
                "range": {
                  "@timestamp": {
                    "from": "now-20m",
                    "to": "now"
                  }
                }
              }
            }
          }
        }
      },
      "actions": []
    },
    "messages": [
      "failed to execute watch input"
    ]
  }
}

spinscale · October 16, 2017, 9:13am

can you paste the full/complete watch please?

varun_kumar2 · October 16, 2017, 10:27am

  PUT _xpack/watcher/watch/Integrations.CRMDecorator.LeadsNotFoundInCRM/
{
          "trigger": {
            "schedule": {
              "interval": "20m"
            }
          },
          "input": {
            "search": {
              "request": {
                "search_type": "query_then_fetch",
                "indices": [
                  "logstash-*"
                ],
                "types": [
                  "logevent"
                ],
                "body": {
                  "query": {
                    "bool": {
                      "must": [
                        {
                          "match": {
                            "level": "Error"
                          }
                        },
                        {
                          "match": {
                            "fields.ApplicationName": "LeadProcessors"
                          }
                        },
                        {
                    "match": {
                      "message": {
                        "query": {
                          "match_phrase_prefix": "System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
                        }
                      }
                    }
                  }
                ]
              }
            },
                  "sort": [
                    {
                      "@timestamp": "desc"
                    }
                  ],
                  "filter": {
                    "range": {
                      "@timestamp": {
                        "from": "now-20m",
                        "to": "now"
                      }
                    }
                  }
              }
              }
            }
          },
          "condition": {
            "script": {
              "inline": "if (ctx.payload.aggregations.minutes20.buckets.size() == 0) return false;def latest = ctx.payload.aggregations.minutes20.buckets[-1]; return latest.occurences.buckets.anyMatch(it->it.doc_count > 0);",
              "lang":"painless"
 }
          },
          "actions": {
            "send_email": {    "email": {
                "profile": "standard",
                "attach_data": {
                  "format": "json"
                },
                "from": "noreply-watcher@ABC.edu",
                "to": [
                  "vkumar@ABC.edu",
                  "ppabolu@ABC.edu"
                ],
                "subject": "QCE leads not found in CRM",
                "body": {
                  "html": {
                    "inline": "<h1>LG: QCE (Quick Contact Entry) leads not found in CRM</h1><p>View the dashboard <a href=\"http://elc.dashboard.ABCcorp.com/app/kibana#/dashboard/LeadsGateway-CRM-Decorator-LeadsNotFoundInCRM?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'{{ctx.vars.from}}',mode:absolute,to:'{{ctx.trigger.triggered_time}}'))\">here</a>.</p><p>These errors are associated with the leads which originated from CRM (aka, QCE – Quick Contact Entry). When a lead is posted to Leads Gateway from the CRM before it has been fully committed (saved) into CRM, or if QCE was deleted in CRM shortly after it has been posted to LG, the Leads Processor (CRMDecorator) will be unable to get the needed lead data and will throw this error. After 10 retries (with delays in between) the lead will be put into a Dead Letter queue. The lead will have to be deleted from DL queue, and re-entered into CRM if there has not been another QCE already successfully entered by that time.</p><table border='1'><th>Occurences</th><th>InnerMessage</th>{{#ctx.payload._value}}<tr><td>{{doc_count}}</td><td>{{key}}</td></tr>{{/ctx.payload._value}}</table>"
                  }
                }
              }
            }
          },
          "_status": {
            "state": {
              "active": true,
              "timestamp": "2017-09-10T09:11:11.139Z"
            },
            "actions": {
              "send_email": {
                "ack": {
                  "timestamp": "2017-02-10T16:41:44.121Z",
                  "state": "awaits_successful_execution"
                }
              }
            },
            "last_checked": "2017-09-10T01:21:09.832Z"
          }
        }

spinscale · October 18, 2017, 10:32am

Hey,

a part of your query is not a valid query at all. You can just copy your query into a _search action in see it for yourself

        {
          "match": {
            "message": {
              "query": {
                "match_phrase_prefix": "System.Exception: CRMRepository.CreatePostLead failed for LeadId:"
              }
            }
          }
        }

this is the offending part. the query part is wrong. See the match query docs at https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl-match-query.html

--Alex

system · November 15, 2017, 10:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Facing issue while starting elasticsearch Elasticsearch	4	4944	January 9, 2019
Parse Failure [Expected [START_OBJECT] under [filter], but got a [START_ARRAY Elasticsearch	2	9886	July 6, 2017
Es 5.5.1 [size] query malformed, no start_object after query name Elasticsearch	1	2050	September 7, 2017
Unknown key for a START_OBJECT in [filter] Elasticsearch	5	23999	November 27, 2017
Query string containing the "/" (forward slash) raises the error "Cannot parse ... Encountered: <EOF>" Elasticsearch elastic-stack-alerting	10	7683	May 6, 2020

ParsingException[[match] unknown token [START_OBJECT] after [query]]

Related Topics