Query from ES 2.3 to 5.5

We're upgrading from ELK 2.3 to ELK 5.5. I'm trying to make this query work and tried to follow the query changes from ES 2.3 to 5.5, but every time I tweak something in it, different errors come up. Maybe someone can help me edit/translate these queries?

This is the original query and the error I got when I ran it in ES 5.5

So I changed "filtered" to "bool" based on these changes --->

But I still get an error...

Then I tried to remove "bool" and "query" under "query" clause:

I don't know where to go from here.
Thanks in advance!

Please don't post pictures of text; they are difficult to read and some people may not even be able to see them 🙂
Are you able to repost the text, making sure it's code formatted?

Sorry for that. Here is the code:

Original Query:

    GET <index_name>/_search
    {
      "from": 0,
      "size": 5,
      "query": {
        "filtered": {
          "query": {
            "regexp": {
              "message": ".*reprocess costing data count = [1-9][0-9]*.*"
            }
          },
          "filter": {
            "bool": {
              "must": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-15m"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      }
    }

Error:

    {
      "error": {
        "root_cause": [
          {
            "type": "parsing_exception",
            "reason": "no [query] registered for [filtered]",
            "line": 5,
            "col": 17
          }
        ],
        "type": "parsing_exception",
        "reason": "no [query] registered for [filtered]",
        "line": 5,
        "col": 17
      },
      "status": 400
    }

Then I replaced "filtered" with "bool" (query clause):

    GET <index_name>/_search
    {
      "from": 0,
      "size": 5,
      "query": {
        "bool": {
          "query": {
            "regexp": {
              "message": ".*reprocess costing data count = [1-9][0-9]*.*"
            }
          },
          "filter": {
            "bool": {
              "must": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-15m"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      }
    }

Error 2:

    {
      "error": {
        "root_cause": [
          {
            "type": "parsing_exception",
            "reason": "[bool] query does not support [query]",
            "line": 6,
            "col": 16
          }
        ],
        "type": "parsing_exception",
        "reason": "[bool] query does not support [query]",
        "line": 6,
        "col": 16
      },
      "status": 400
    }

Removed "bool" & "query" under "query" clause:

    GET <index_name>/_search
    {
      "from": 0,
      "size": 5,
      "query": {
        "regexp": {
          "message": ".*reprocess costing data count = [1-9][0-9]*.*"
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gte": "now-15m"
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }

Error 3:

    {
      "error": {
        "root_cause": [
          {
            "type": "parsing_exception",
            "reason": "Unknown key for a START_OBJECT in [filter].",
            "line": 7,
            "col": 13
          }
        ],
        "type": "parsing_exception",
        "reason": "Unknown key for a START_OBJECT in [filter].",
        "line": 7,
        "col": 13
      },
      "status": 400
    }
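
An added example, not part of the original thread: ES 5.x removed the `filtered` query, and its replacement is a `bool` query that carries the old `query` under `must` and the old `filter` under `filter`. The Python sketch below (the function name `upgrade_filtered` is hypothetical) applies that rewrite recursively to the original request body posted above and leaves everything else untouched.

```python
import json


def upgrade_filtered(node):
    """Return a copy of an ES 2.x query body with every `filtered` query
    rewritten as the equivalent `bool` query accepted by ES 5.x."""
    if isinstance(node, list):
        return [upgrade_filtered(item) for item in node]
    if not isinstance(node, dict):
        return node
    # Rebuild children first so nested `filtered` queries are converted too.
    node = {key: upgrade_filtered(value) for key, value in node.items()}
    legacy = node.get("filtered")
    # Only rewrite a real `filtered` query: it is the sole key of its object
    # and holds nothing but `query` and/or `filter`. A document field that
    # happens to be named "filtered" does not match this shape.
    if (len(node) == 1 and isinstance(legacy, dict) and legacy
            and set(legacy) <= {"query", "filter"}):
        bool_body = {}
        if "query" in legacy:
            bool_body["must"] = legacy["query"]      # scored clause
        if "filter" in legacy:
            bool_body["filter"] = legacy["filter"]   # non-scoring clause
        return {"bool": bool_body}
    return node


# The original 2.3 request body from the thread.
LEGACY_SEARCH = {
    "from": 0,
    "size": 5,
    "query": {"filtered": {
        "query": {"regexp": {
            "message": ".*reprocess costing data count = [1-9][0-9]*.*"}},
        "filter": {"bool": {
            "must": [{"range": {"@timestamp": {"gte": "now-15m"}}}],
            "must_not": [],
        }},
    }},
}

if __name__ == "__main__":
    print(json.dumps(upgrade_filtered(LEGACY_SEARCH), indent=2))
```

The printed body is what goes under `GET <index_name>/_search`: the `regexp` clause ends up in `query.bool.must` and the `@timestamp` range stays inside `query.bool.filter`.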
