Why do I get null pointer errors when sorting by a scripted field and increasing the size in a terms aggregation?

patrickian · August 16, 2017, 1:07am

I got a weird error while sorting with a scripted field. I have something like

"agg_one": {
                  "terms": {
                    "field": "application.keyword",
                    "size": 100,
                    "order": {
                      "_count": "desc"
                    }
                  },
                  "aggs": {
                    "total_time": {
                      "sum": {
                        "script": {
                          "inline": "doc['action_end'] - doc['action_start']",
                          "lang": "expression"
                        }
                      }
                    },
                    "threads": {
                      "terms": {
                        "field": "thread.keyword",
                        "size": 100,
                        "order": {
                          "total_time": "desc"
                        }
                      },
                      "aggs": {
                        "total_time": {
                          "sum": {
                            "script": {
                              "inline": "doc['action_end'] - doc['action_start']",
                              "lang": "expression"
                            }
                          }
                        }
                      }
                    }
                  }
                }

Under the threads aggregation, it's sorted by total_time, which is computed by script. If I do it like that, I get null pointer errors. Now, when I change it to sort by _count: "desc", it works. What could the error there be?

Also, in another instance, If i change the size from 100 to 1000 in the threads aggregate, It also throws null pointer errors. Again, why could that be? I have aggregates that have less than 100 but it still works fine when the size is set to 100. Advanced thanks to anyone who could shed some light as to why I'm getting these errors. Thank you.

Elasticsearch version is 5.5.0 by the way.

rjernst · August 18, 2017, 6:22am

Do you see a stack trace for the null pointer in your logs? If not, can you run your query with error_trace=true (see https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#common-options-error-options).

patrickian · August 25, 2017, 4:03am

I added "missing: 0" in the total_time aggregations and the error went away. I guess there were records not having the total_time aggregation?

system · September 22, 2017, 4:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch scripted_metric null_pointer_exception Elasticsearch	2	476	December 27, 2019
Null reference error in scripted field Elasticsearch	3	435	July 10, 2020
Null pointer exeption while creating a scripted metric Elasticsearch painless	10	1181	April 21, 2020
Null_pointer_exception when using aggregation Elasticsearch	2	20	November 6, 2024
Sorting based on scripted metrics aggregation Elasticsearch	3	873	March 23, 2021

Why do I get null pointer errors when sorting by a scripted field and increasing the size in a terms aggregation?

Related topics