Syntax error in Search API with query_string and date filter


(Shankar) #1

I need help wiht understanding this syntax. I have gone through the docs, but since I am new to ELK, I am finding it hard to make this run.

The following API query runs and returns all records that has the exact match of the phrase "Exception occurred while loading".

>     curl --header "Content-Type:application/json" -XPOST "http://localhost:9200/_search" -d'
>     {
>         "query": {
>             "query_string" : {
>                 "query" : "\"Exception occured while loading\""
>             }
>         }
>     }'

I then tried running the same query, for records that are not older than 5 months.

> curl --header "Content-Type:application/json" -XPOST "http://localhost:9200/_search" -d'
> {
>     "query": {
>         "query_string" : {
>             "query" : "\"Exception occured while loading\""
>         },
>         "filter" : [
>                 { "range" : { "@timestamp" : { "gte" : "{now-5M}"}}}
>         ]
>     }
> }'

I get the following error.

{"error":{"root_cause":[{"type":"parsing_exception","reason":"[query_string] malformed query, expected [END_OBJECT] but found [FIELD_NAME]","line":7,"col":9}],"type":"parsing_exception","reason":"[query_string] malformed query, expected [END_OBJECT] but found [FIELD_NAME]","line":7,"col":9},"status":400}

What is the reason? Is it possible to add a date filter to the query_string clause?

Thanks for reading.


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.