Query Syntax question


(ajay.bh111) #1

I have index with following info as seen in Kibana query json:
{
"_index": "es5dbmon_10",
"_type": "metrics",
"_id": "AV7nxxU3nLFmflBF65oY",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2017-10-04T14:26:00Z",
"disk": {
"free": 20491194368,
"inodes_free": 5224658,
"inodes_total": 5242880,
"inodes_used": 18222,
"total": 84415266816,
"used": 63048323072,
"used_percent": 75.47125600442061
},
"measurement_name": "disk",
"tag": {
"device": "sda",
"fstype": "ext4",
"host": "esdbmonm05",
"path": "/es1"
}
},
"fields": {
"@timestamp": [
1507127160000
]
},
"highlight": {
"measurement_name": [
"@kibana-highlighted-field@disk@/kibana-highlighted-field@"
],
"tag.path": [
"/@kibana-highlighted-field@es1@/kibana-highlighted-field@"
]
},
"sort": [
1507127160000
]
}

When I try to query the same info using Python client script (ES version 5.5) with the highlighted term line , output is displayed and data retrieved looks OK. But when I uncomment the highlighted line { "term": { "tag.path": "/es1" }}, it gives parsing error like below:
What is not correct/syntax in adding the second condition for path matching in query ?

Error:

./test.py
Traceback (most recent call last):
File "./test.py", line 22, in
{ "term": { "tag" : {"path": "/es1" }}}
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 73, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/init.py", line 569, in search
doc_type, '_search'), params=params, body=body)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 318, in perform_request
status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 128, in perform_request
self._raise_error(response.status, raw_data)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/base.py", line 122, in _raise_error
raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
elasticsearch.exceptions.RequestError: TransportError(400, u'parsing_exception', u'[term] query does not support [path]')

Script:

!/usr/bin/env python
import requests
from elasticsearch import Elasticsearch
import json
import time
import signal
from subprocess import call
DISK_PATH="TBD"
DISK_USED=0
HOST="localhost"
es = Elasticsearch([{'host': 'localhost', 'port': 80}])
while True:
res = es.search(
index="es5dbmon*",
doc_type="metrics",
body={"query": {
"bool": {
"must": [
{ "term": { "measurement_name": "disk" }},
# { "term": { "tag.path": "/es1" }}
]
}
}
}
)
print("%d documents found" % res['hits']['total'])
for doc in res['hits']['hits']:
HOST=doc['_source']['tag']['host']
DISK_PATH=doc['_source']['tag']['path']
DISK_USED=doc['_source']['disk']['used_percent']
print ('DISK Usage %: ' + str(DISK_PATH) + " "+ str(DISK_USED) +" "+ str(doc['_source']['@timestamp']))

output shows like below:

195283 documents found
DISK Usage %: /es1 73.8076888944 2017-10-01T05:14:00Z
DISK Usage %: /es1 52.4002237761 2017-10-01T05:13:00Z


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.