Hi
Below is my range with aggregation search query. It gives me an error but runs well if I remove the "term" sentence.
GET /esi_elb_log-*/_search
{
"size" : 0,
"query" : {
"constant_score" : {
"filter" : {
"term" : { "service_name" : "AUTH"},
"range" : {
"@timestamp" : {
"gt" : "now-2h"
}
}
}
}
},
"aggs": {
"my_date_histo" : {
"date_histogram" : {
"field" : "@timestamp",
"interval" : "1m"
},
"aggs":{
"the_movavg" : {
"moving_avg" : {
"buckets_path": "_count" ,
"window" : 30,
"model" : "simple"
}
}
}
}
}
}
result
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 7,
"col": 17
}
],
"type": "parsing_exception",
"reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 7,
"col": 17
},
"status": 400
}
But I can't find any syntax error on it.
Thanks.