Query malformed, no start_object after the query name

Question

Query malformed, no start_object after the query name

I run this request with AWS Elasticsearch 5.1 and I get an invalid request error. Here is the request body. I just check if the field exists during the range.

{
  "query": {
    "bool": {
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gt": "2017-03-21T15:37:08.595919Z",
                  "lte": "2017-04-21T15:52:08.595919Z"
                }
              }
            },
            {
              "query": [
                {
                  "query_string": {
                    "query": "_exists_: $event.supplier"
                  }
                }
              ]
            }
          ]
        }
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "asc"
      }
    }
  ]
}

+4

elasticsearch elastalert

puneeth Apr 21 '17 at 16:43

source share

1 answer

Andrei Stefan · Accepted Answer · 2017-04-21T22:04:19+0000

The second statement mustwas incorrect:

{
  "query": {
    "bool": {
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gt": "2017-03-21T15:37:08.595919Z",
                  "lte": "2017-04-21T15:52:08.595919Z"
                }
              }
            },
            {
              "query_string": {
                "query": "_exists_: $event.supplier"
              }
            }
          ]
        }
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "asc"
      }
    }
  ]
}

Query malformed, no start_object after the query name

More articles: