Rollup search + script query

Elastic Stack Elasticsearch
1

Hello,

I'd like to know if the "script query" can be used with the rollup searchs.

https://www.elastic.co/guide/en/elasticsearch/reference/6.6/query-dsl-script-query.html#query-dsl-script-query

I had the following query that works ok using a normal _search on a normal index:

GET index/_search
{
  "size": 0,
  "aggs": {
    "daily": {
      "date_histogram": {
        "field": "timestamp",
        "interval": "24h"
      },
      "aggs": {
        "operations": {
          "terms": {
            "script": {
              "id": "request_operation_types",
              "params": {
                "field": "method"
              }
            }
          }
        }
      }
    }
  }
}

But it doesn't work using a _rollup_search in a rollup index.

GET rollup_index/_rollup_search
{
  "size": 0,
  "aggs": {
    "daily": {
      "date_histogram": {
        "field": "timestamp",
        "interval": "24h"
      },
      "aggs": {
        "operations": {
          "terms": {
            "script": {
              "id": "request_operation_types",
              "params": {
                "field": "method"
              }
            }
          }
        }
      }
    }
  }
}

I got

{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "There is not a rollup job that has a [terms] agg on field [null] which also satisfies all requirements of query."
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "There is not a rollup job that has a [terms] agg on field [null] which also satisfies all requirements of query."
  },
  "status": 400
}

Thanks in advance.

2

Hmm, looks like a bug. I don't think scripts work well (or at all?) with RollupSearch right now. Internally, Rollup renames all the fields to a very strict convention. Queries are then rewritten to match the field names... but this rewriting process isn't able to rewrite scripts. So scripts are trying to use the old name which doesn't match anymore.

The error itself is because there's a bug in the validation (the terms agg doesn't have a "field" parameter so fails validation)... but the script itself wouldn't work anyway.

I'll see about improving either the error message (failing due to script) or see if maybe we can support scripts.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.