Unable to use msearch using Curl or any Rest client

niraj_kumar · November 28, 2017, 7:21am

Hi,

I got the my complex _msearch query from chrome developer tools. I took the payload the the request URL and pasted that in the dev tools and it worked fine and gave me the same result i was looking for as kibana UI. As a use case i want to post this query to zabbix but that is a different topic. I want to call this using a program like python or bash script.

My search query looks like this:

{"index":["bigdata_prd-*"],"ignore_unavailable":true,"preference":1511829047717}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":"raw_queue: \"test_k1_k8\""}},{"range":{"@timestamp":{"gte":1511742649613,"lte":1511829049613,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"1":{"avg":{"field":"raw_payload_count_total"}}}}

So as you see these are two different json but Kibana is able to parse that properly and give me the correct value as required. I am not sure how it is parsing that. I tried using curl or postman and did a POST but it fails with a parse error

{"error":{"root_cause":[{"type":"parse_exception","reason":"request body or source parameter is required"}],"type":"parse_exception","reason":"request body or source parameter is required"}

How to make a _msearch work with Curl .

--
Niraj

spinscale · November 28, 2017, 7:51am

Hey,

is your second line with the request JSON really ending with a newline? See the note in https://www.elastic.co/guide/en/elasticsearch/reference/6.0/search-multi-search.html#search-multi-search

--Alex

niraj_kumar · November 28, 2017, 7:55am

Yes it does end with the new line.

spinscale · November 28, 2017, 7:58am

please share the exact curl query you executed, including all parameters

niraj_kumar · November 28, 2017, 8:02am

Please find it below:

curl -XGET "http://example.com/elasticsearch/bigdata_prd-2017*/_msearch?" -H 'Content-Type: application/json' -d'
{"index":["bigdata_prd-*"],"ignore_unavailable":true,"preference":1511831863818}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":"raw_queue: \"test_k1_k8\""}},{"range":{"@timestamp":{"gte":1511745466067,"lte":1511831866067,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"1":{"avg":{"field":"raw_payload_count_total"}}}}'

spinscale · November 28, 2017, 8:21am

that example does not contain a newline in the second line, but contains an unnecessary newline right at the beginning.

can you try

curl -XGET "http://example.com/elasticsearch/bigdata_prd-2017*/_msearch?" -H 'Content-Type: application/json' -d'{"index":["bigdata_prd-*"],"ignore_unavailable":true,"preference":1511831863818}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":"raw_queue: \"test_k1_k8\""}},{"range":{"@timestamp":{"gte":1511745466067,"lte":1511831866067,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"1":{"avg":{"field":"raw_payload_count_total"}}}}
'

system · December 26, 2017, 8:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.