I'm working on an issue with a client's kibana installation, where no results are returned for a specific keyword entry, but direct queries to elasticsearch do return a result. There are three values in the field; the other two return just fine, just not this one...
ElasticSearch & Kibana version: 6.3.2
Any ideas?
Where in Kibana is this query being generated? What does the query look like? What does the index mapping look like? What does a sample document look like?
Mapping for this field:
"type" : {
"type" : "keyword"
},
The query that kibana generates when I add the filter in either the discover or visualize tabs (see note):
{
"query": {
"match": {
"type": {
"query": "distributor-query-error",
"type": "phrase"
}
}
}
}
Note: when testing this in postman, this above query yields this error regardless of the value for the type field, but changing "distributor-query-error" to another type does yield results in kibana:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[match] query does not support [type]",
"line": 6,
"col": 17
}
],
"type": "parsing_exception",
"reason": "[match] query does not support [type]",
"line": 6,
"col": 17
},
"status": 400
}
There are three possible values for this field:
Sample found document (non-relevant fields stripped):
{
"_index": "part-search-2020.03",
"_type": "_doc",
"_id": "KroDM3EBoXAaVXXPmOSr",
"_version": 1,
"_score": null,
"_routing": "75fa5b5d-dc89-4f8a-befc-09ff3382241d",
"_source": {
"type": "distributor-query",
},
"fields": {
"@timestamp": [
"2020-03-31T23:53:25.812Z"
],
"submittedOn": [
"2020-03-31T23:53:25.324Z"
]
},
"highlight": {
"type": [
"@kibana-highlighted-field@distributor-query@/kibana-highlighted-field@"
]
},
"sort": [
1585698805324
]
}
Sample not found result:
{
"_index": "part-search-2020.03",
"_type": "_doc",
"_id": "PM6RLnEB3OX02Dcrv6TT",
"_score": 9.735274,
"_routing": "c2f0375e-5c95-437f-a0b2-7bad00e40454",
"_source": {
"@timestamp": "2020-03-31T03:10:35.869Z",
"errorMessage": "Exception: API Search failed for Company ****. ---> System.AggregateException: One or more errors occurred. ---> System.Exception: ******Failied with status code 400: Invalid Request - Error(s) in Post Request field(s) - The Keywords field is required..\r\nValidation Errors:\r\n- Keywords: The Keywords field is required.\r\n at **************.ThrowApiError(String jsonContent) in (Remainder of error message)",
"source": "API",
"type": "distributor-query-error",
"@version": "1",
"distributor": "(snipped)",
}
},
Here is the search query that does work in postman, as well as in the dev tools tab in kibana; putting the same query into either the discover or visualize tabs in kibana still fails to yield results:
{
"query": {
"match": {
"type": "distributor-query-error"
}
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.