Query parse error


(Clay Gorman) #1

I was wondering why one query works and other doesnt. The top one gives me a parse error.

does not work:

{
	"query": {
		"filtered": {
			"query": {
				"query_string": {
					"query": "*",
					"analyze_wildcard": true
				}
			},
			"filter": {
				"bool": {
					"must": {
						"0": {
							"range": {
								"@timestamp": {
									"gte": "now-30d/d",
									"lte": "now",
									"format": "yyyy-MM-dd HH:mm:ss"
								}
							}
						}
					}
				}
			}
		}
	}
}

Works:

{
	"query": {
		"filtered": {
			"query": {
				"query_string": {
					"query": "*",
					"analyze_wildcard": true
				}
			},
			"filter": {
				"bool": {
					"must": [{
						"range": {
							"@timestamp": {
								"gte": "now-30d/d",
								"lte": "now",
								"format": "yyyy-MM-dd HH:mm:ss"
							}
						}
					}]
				}
			}
		}
	}
}

(Glen Smith) #2

Clay,

The first query is malformed.

What does the parse error say?

Glen


(Clay Gorman) #3
{
   "error": {
      "root_cause": [
         {
            "type": "query_parsing_exception",
            "reason": "No query registered for [0]",
            "index": "channelhangup2-2016.03.10",
            "line": 13,
            "col": 19
         }
  }
}

A bunch of times for each index over the range. Shouldn't ES just strip out the "0" ?


(Glen Smith) #4

Clay,

No. That's not a valid construction of a must clause. You should use the one that works.

Glen


(system) #5