I'm facing some errors with DSL query builder and aggregations.
Tried several approaches and none of them seem to work.
If I remove the aggs clause, the query works seamlessly.
Queries below return error: [bool] malformed query, expected [END_OBJECT] but found [FIELD_NAME]
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "json.@timestamp": {
              "gt": "2021-08-22T00:00:00.000Z",
              "lt": "2022-10-22T13:41:09.000Z"
            }
          }
        },
        {
          "term": {
            "json.path": "/api/v1/discover"
          }
        },
        {
          "wildcard": {
            "container.image.name": {
              "value": "*prod*"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "totalCount": {
      "sum": {
        "field": "count"
      }
    }
  }
}
Using aggs inside body also does not work.
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "json.@timestamp": {
              "gt": "2021-08-22T00:00:00.000Z",
              "lt": "2022-10-22T13:41:09.000Z"
            }
          }
        },
        {
          "term": {
            "json.path": "/api/v1/discover"
          }
        },
        {
          "wildcard": {
            "container.image.name": {
              "value": "*prod*"
            }
          }
        }
      ]
    }
  },
  "body": {
    "aggs": {
      "group_by_id": {
        "terms": {
          "field": "cloud.image.id"
        }
      }
    }
  }
}
Not even a basic aggs example will succeed.
{
  "query": {
    "match_all": {}
  },
  "aggs": {
    "objects": {
      "terms": {
        "field": "json.path"
      }
    }
  }
}
This one returns error: [1:16806] unknown field [aggs]
{
  "query": {
    "aggs": {
      "my-agg-name": {
        "terms": {
          "field": "json.path"
        }
      }
    }
  }
}
What am I doing wrong?
I'm on Elastic Cloud v7.16.2
CodePudding user response:
Just found out what the problem is... Aggregations will only work on the Dev Tools page. They will not work in the Discover page search box.