Query_string with wildcard fields sends "Can't parse boolean value"

Elastic Stack Elasticsearch
1

Hello,

Basic query such as the documentation here Query string query | Elasticsearch Guide [7.9] | Elastic results in error:

I've tested with version 7.9, I'll try next with the current 7.12


GET _search?error_trace=true
{
  "explain": true, 
  "version": true,
  "size": 50,
  "query": {
      "query_string": {
        "fields": ["identificationWorkSchema.*"],
        "query": "Welcome AND CLEOP"
      }
        
  }
}

This field contain nested fields as declared in the mapping


      "identificationWorkSchema.identifiers": {
        "type": "nested",
        "include_in_parent": true
      },
      "identificationWorkSchema.workTitle": {
        "type": "nested",
        "include_in_parent": true
      },

The response is:


{
  "took" : 556,
  "timed_out" : false,
  "_shards" : {
    "total" : 14,
    "successful" : 11,
    "skipped" : 0,
    "failed" : 3,
    "failures" : [
      {
        "shard" : 0,
        "index" : "tryphon-app",
        "node" : "phQNVeOPQJuM1K2HEjClYw",
        "reason" : {
          "type" : "query_shard_exception",
          "reason" : "failed to create query: Can't parse boolean value [Welcome], expected [true] or [false]",
          "index_uuid" : "KqoWux2RSCeyT2XOVvg2gQ",
          "index" : "tryphon-app",
          "caused_by" : {
            "type" : "illegal_argument_exception",
            "reason" : "Can't parse boolean value [Welcome], expected [true] or [false]"
          }
        }
      }
    ]
  },
  "hits" : {
    "total" : {
      "value" : 0,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  }
}

It looks like a bug ?

2

Welcome Clément!

Please share the full mapping you have. That'd help to understand.
I believe that one of the subfields that you have in identificationWorkSchema is a boolean.

You could also use the lenient: true option.

Could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.

A full reproduction script is something anyone can copy and paste in Kibana dev console, click on the run button to reproduce your use case. It will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.

3

Thank you David for your answer.
I'm trying to make a script, it's going to take me time.

For now I've tried with version 7.12, with the same result.
lenient: true work as a bypass solution!
Indeed I have a boolean sub field in identificationWorkSchema.

I cannot paste all mapping because it's mainly 2000 lines of declaring other nested fields.
But here's a more detail file:

{
  "settings": {
    "index.mapping.total_fields.limit": 50000,
    "index.mapping.nested_fields.limit": 1000,
    "index.query.default_field": 5000,
    "index.mapping.nested_objects.limit": 50000,
    "number_of_shards": 3,
    "number_of_replicas": 0,
    "analysis": {
      "analyzer": {
        "case_insensitive_analyzer": {
          "tokenizer": "whitespace",
          "filter": [
            "lowercase",
            "word_delim",
            "asciifolding"
          ]
        },
        "folding_standard": {
          "tokenizer": "whitespace",
          "filter": [
            "lowercase",
            "asciifolding"
          ]
        }
      },
      "filter": {
        "word_delim": {
          "type": "word_delimiter",
          "type_table": [
            ". => ALPHA"
          ],
          "catenate_words": true,
          "generate_word_parts": false,
          "generate_number_parts": false,
          "preserve_original": true,
          "split_on_case_change": false,
          "split_on_numerics": false,
          "stem_english_possessive": true
        }
      },
      "normalizer": {
        "case_insensitive_sorting": {
          "type": "custom",
          "char_filter": [
            "custom_char_filter"
          ],
          "filter": [
            "lowercase",
            "asciifolding"
          ]
        }
      },
      "char_filter": {
        "custom_char_filter": {
          "type": "pattern_replace",
          "pattern": "(.{0,50}).*",
          "replacement": "$1"
        }
      }
    }
  },
  "mappings": {
    "dynamic_templates": [
      {
        "text_analyze": {
          "match": "*",
          "match_mapping_type": "string",
          "mapping": {
            "type": "text",
            "analyzer": "folding_standard",
            "search_analyzer": "case_insensitive_analyzer",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              },
              "lower": {
                "type": "keyword",
                "ignore_above": 256,
                "normalizer": "case_insensitive_sorting"
              }
            }
          }
        }
      }
    ],
    "date_detection": false,
    "properties": {
      "entityType": {
        "type": "keyword"
      },
      "identificationWorkSchema.identifiers": {
        "type": "nested",
        "include_in_parent": true
      },
      "identificationWorkSchema.workTitle": {
        "type": "nested",
        "include_in_parent": true
      }
  }
}
4

So if you can just reproduce with a simpler script, that'd be great.

5

@dadoonet Ok, I managed to reproduce it with a simple script in kibana:

DELETE index
PUT index/_doc/1
{
  "toto": {
    "tata": "Big blue",
    "isBig": true
  }
}
GET _search?error_trace=true
{
  "version": true,
  "size": 50,
  "query": {
      "query_string": {
        "fields": ["toto.*"],
        "query": "Big"
      }
  }
}

Producing error:

{
  "took" : 4,
  "timed_out" : false,
  "_shards" : {
    "total" : 11,
    "successful" : 10,
    "skipped" : 0,
    "failed" : 1,
    "failures" : [
      {
        "shard" : 0,
        "index" : "index",
        "node" : "f9dy58r6ToqLOcGacxdkug",
        "reason" : {
          "type" : "query_shard_exception",
          "reason" : "failed to create query: Can't parse boolean value [Big], expected [true] or [false]",
          "index_uuid" : "JTVQu-mDSKyQob5R1Zleig",
          "index" : "index",
          "caused_by" : {
            "type" : "illegal_argument_exception",
            "reason" : "Can't parse boolean value [Big], expected [true] or [false]"
          }
        }
      }
    ]
  },
  "hits" : {
    "total" : {
      "value" : 0,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  }
}

There's no error if I try with all fields:

fields: ["*"]

So something in elastic code may avoid conflict with boolean for this particular case.

No error either without the isBig boolean in the document.

6

Just to make sure I understand. I tried with:

DELETE index
PUT index/_doc/1
{
  "toto": {
    "tata": "Big blue",
    "isBig": true
  }
}
GET index/_search?error_trace=true
{
  "size": 50,
  "query": {
      "query_string": {
        "fields": ["toto.*"],
        "query": "Big",
        "lenient": true
      }
  }
}

This works well. So is there anything else that needs to be fixed?

BTW in you example you are running the search on the whole cluster, including "system" indices. I recommend running that only on indices that have the data you want to search for.

7

With "lenient": true, it works well. It's just that the documentation nor the error message gives a clear explaination of the necessity of lenient. And the behavior is not consistent between just "" and "xxx." in fields.

8

I got a much more detailed stacktrace when I searched only in the right index.

Try:

GET index/_search?error_trace=true
{
  "size": 50,
  "query": {
      "query_string": {
        "fields": ["toto.*"],
        "query": "Big"
      }
  }
}
9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.