Below is the query I am trying to make on Elasticsearch 8.3, using RestHighLevelClient 7.17
Query
---------
{
"size": 0,
"timeout": "600000ms",
"query": {
"bool": {
"filter": [
{
"range": {
"recvBytes64": {
"from": "1",
"to": null,
"include_lower": false,
"include_upper": true,
"boost": 1
}
}
},
{
"range": {
"phRecvTime": {
"from": 1665512377000,
"to": 1665512976000,
"include_lower": true,
"include_upper": true,
"boost": 1
}
}
}
]
}
},
"aggregations": {
"compisite_fields": {
"terms": {
"script": {
"source": "doc['eventType']",
"lang": "painless"
},
"size": 2000,
"min_doc_count": 1,
"shard_min_doc_count": 0,
"show_term_doc_count_error": false,
"order": [
{
"STDDEV(recvBytes64).std_deviation": "desc"
},
{
"_key": "asc"
}
]
},
"aggregations": {
"STDDEV(recvBytes64)": {
"extended_stats": {
"field": "recvBytes64",
"sigma": 2
}
}
}
}
}
}
Error seen from RestHighLevelClient
2022-10-11 11:29:37,099 ERROR [main-pool-5] com.accelops.elastic.server.action.QueryAction - [PH_JAVA_QUERYSERVER_ERROR]:[eventSeverity]=PHL_ERROR,[phEventCategory]=3,[methodName]=throwFailedToParse,[className]=org.elasticsearch.xcontent.ObjectParser,[procName]=javaQueryServer,[lineNumber]=609,[errReason]=[1:581] [ParsedStringTerms] failed to parse field [buckets],[phLogDetail]=Unable to parse response body for Response{requestLine=POST /fortisiem-event-2022.10.11*,copy-fortisiem-event-2022.10.11*/_search?typed_keys=true&max_concurrent_shard_requests=5&ignore_unavailable=true&expand_wildcards=open&allow_no_indices=true&ignore_throttled=false&search_type=query_then_fetch&batched_reduce_size=512 HTTP/1.1, host=http://10.65.20.165:9200, response=HTTP/1.1 200 OK}
2022-10-11 11:29:37,102 ERROR [main-pool-5] com.accelops.elastic.server.action.QueryAction - [PH_JAVA_QUERYSERVER_ERROR]:[eventSeverity]=PHL_ERROR,[phEventCategory]=3,[procName]=javaQueryServer,[phLogDetail]=org.elasticsearch.xcontent.ObjectParser.throwFailedToParse(ObjectParser.java:609)
<- org.elasticsearch.xcontent.ObjectParser.parseValue(ObjectParser.java:604)
<- org.elasticsearch.xcontent.ObjectParser.parseArray(ObjectParser.java:597)
<- org.elasticsearch.xcontent.ObjectParser.parseSub(ObjectParser.java:630)
<- org.elasticsearch.xcontent.ObjectParser.parse(ObjectParser.java:320)
<- org.elasticsearch.xcontent.ObjectParser.parse(ObjectParser.java:260)
<- org.elasticsearch.search.aggregations.bucket.terms.ParsedStringTerms.fromXContent(ParsedStringTerms.java:36)
<- org.elasticsearch.client.RestHighLevelClient.lambda$getDefaultNamedXContents$39(RestHighLevelClient.java:2871)
<- org.elasticsearch.xcontent.NamedXContentRegistry.parseNamedObject(NamedXContentRegistry.java:141)
<- org.elasticsearch.xcontent.support.AbstractXContentParser.namedObject(AbstractXContentParser.java:408)
<- org.elasticsearch.common.xcontent.XContentParserUtils.parseTypedKeysObject(XContentParserUtils.java:152)
<- org.elasticsearch.search.aggregations.Aggregations.fromXContent(Aggregations.java:131)
<- org.elasticsearch.action.search.SearchResponse.innerFromXContent(SearchResponse.java:343)
<- org.elasticsearch.action.search.SearchResponse.fromXContent(SearchResponse.java:299)
<- org.elasticsearch.client.RestHighLevelClient.parseEntity(RestHighLevelClient.java:2484)
<- org.elasticsearch.client.RestHighLevelClient.lambda$performRequestAndParseEntity$8(RestHighLevelClient.java:2105)
<- org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:2188)
<- org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:2137)
<- org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:2105)
<- org.elasticsearch.client.RestHighLevelClient.search(RestHighLevelClient.java:1367)
<- com.accelops.elastic.client.ElasticRestClient.execSearchRequest(ElasticRestClient.java:1091)
<- com.accelops.elastic.client.ElasticRestClient.query(ElasticRestClient.java:303)
<- com.accelops.elastic.server.action.QueryAction.doQuery(QueryAction.java:210)
<- com.accelops.elastic.server.action.QueryAction.execute(QueryAction.java:136)
<- com.accelops.elastic.server.action.Action.doAction(Action.java:152)
<- com.accelops.elastic.server.ElasticServer$ClientThread.run(ElasticServer.java:257)
<- java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
<- java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
<- java.lang.Thread.run(Thread.java:750)
When I checked the response which Elastic is returning, I see key such as "min_as_string"/"max_as_string" which are supposed to have string value contain number. Hence the internal parser which is supposed to parse the response fails to parse it. Is this a known bug in Elastic??
{
"took": 8,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 6291,
"relation": "eq"
},
"max_score": null,
"hits": []
},
"aggregations": {
"compisite_fields": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "PH_DEV_MON_NET_INTF_UTIL",
"doc_count": 396,
"STDDEV(recvBytes64)": {
"count": 396,
"min": 1581368,
"max": 6859059200,
"avg": 579610316.7777778,
"sum": 229525685444,
"min_as_string": 1581368,
"max_as_string": 6859059200,
"avg_as_string": 579610316.7777778,
"sum_as_string": 229525685444,
"sum_of_squares": 694955123722910700000,
"variance": 1418989061803225300,
"variance_population": 1418989061803225300,
"variance_sampling": 1422581439174879200,
"std_deviation": 1191213273.0133698,
"std_deviation_population": 1191213273.0133698,
"std_deviation_sampling": 1192720184.7771668,
"std_deviation_bounds": {
"upper": 2962036862.8045173,
"lower": -1802816229.248962,
"upper_population": 2962036862.8045173,
"lower_population": -1802816229.248962,
"upper_sampling": 2965050686.3321114,
"lower_sampling": -1805830052.776556
},
"sum_of_squares_as_string": 694955123722910700000,
"variance_as_string": 1418989061803225300,
"variance_population_as_string": 1418989061803225300,
"variance_sampling_as_string": 1422581439174879200,
"std_deviation_as_string": "1.1912132730133698E9",
"std_deviation_population_as_string": "1.1912132730133698E9",
"std_deviation_sampling_as_string": "1.1927201847771668E9",
"std_deviation_bounds_as_string": {
"upper": "2.9620368628045173E9",
"lower": "-1.802816229248962E9",
"upper_population": "2.9620368628045173E9",
"lower_population": "-1.802816229248962E9",
"upper_sampling": "2.9650506863321114E9",
"lower_sampling": "-1.805830052776556E9"
}
}
},
{
"key": "PH_DEV_MON_VM_NET_INTF_UTIL",
"doc_count": 5895,
"STDDEV(recvBytes64)": {
"count": 5895,
"min": 20480,
"max": 4314828800,
"avg": 25417809.642069552,
"sum": 149837987840,
"min_as_string": 20480,
"max_as_string": 4314828800,
"avg_as_string": 25417809.642069552,
"sum_as_string": 149837987840,
"sum_of_squares": 171963732047639350000,
"variance": 28525051500521036,
"variance_population": 28525051500521036,
"variance_sampling": 28529891176717256,
"std_deviation": 168893610.005,
"std_deviation_population": 168893610.005,
"std_deviation_sampling": 168907936.98555806,
"std_deviation_bounds": {
"upper": 363205029.65206957,
"lower": -312369410.3679304,
"upper_population": 363205029.65206957,
"lower_population": -312369410.3679304,
"upper_sampling": 363233683.6131857,
"lower_sampling": -312398064.32904655
},
"sum_of_squares_as_string": 171963732047639350000,
"variance_as_string": 28525051500521036,
"variance_population_as_string": 28525051500521036,
"variance_sampling_as_string": 28529891176717256,
"std_deviation_as_string": "1.68893610005E8",
"std_deviation_population_as_string": "1.68893610005E8",
"std_deviation_sampling_as_string": "1.6890793698555806E8",
"std_deviation_bounds_as_string": {
"upper": "3.6320502965206957E8",
"lower": "-3.123694103679304E8",
"upper_population": "3.6320502965206957E8",
"lower_population": "-3.123694103679304E8",
"upper_sampling": "3.632336836131857E8",
"lower_sampling": "-3.1239806432904655E8"
}
}
}
]
}
}
}