I need help wiht understanding this syntax. I have gone through the docs, but since I am new to ELK, I am finding it hard to make this run.
The following API query runs and returns all records that has the exact match of the phrase "Exception occurred while loading".
> curl --header "Content-Type:application/json" -XPOST "http://localhost:9200/_search" -d'
> {
> "query": {
> "query_string" : {
> "query" : "\"Exception occured while loading\""
> }
> }
> }'
I then tried running the same query, for records that are not older than 5 months.
> curl --header "Content-Type:application/json" -XPOST "http://localhost:9200/_search" -d'
> {
> "query": {
> "query_string" : {
> "query" : "\"Exception occured while loading\""
> },
> "filter" : [
> { "range" : { "@timestamp" : { "gte" : "{now-5M}"}}}
> ]
> }
> }'
I get the following error.
{"error":{"root_cause":[{"type":"parsing_exception","reason":"[query_string] malformed query, expected [END_OBJECT] but found [FIELD_NAME]","line":7,"col":9}],"type":"parsing_exception","reason":"[query_string] malformed query, expected [END_OBJECT] but found [FIELD_NAME]","line":7,"col":9},"status":400}
What is the reason? Is it possible to add a date filter to the query_string clause?
Thanks for reading.