I have the next error: Expected [START_OBJECT] under [fields], but got a [START_ARRAY] in [statistics]
The elasticsearch query:
body={"query":{"bool":{"must":[{"range":{"@timestamp":{"lte":"2022-03-24T09:25:15.000-03:00","gte":"2022-03-23T09:25:15.000-03:00"}}},{"match":{"type.keyword":"TABLE"}},{"match":{"HOSTNAME.keyword": "EQUIPO"}}],}},"aggs":{"statistics":{"fields":["COLUMN1","COLUMN2"]}}}
I expected to get correlation statistics between COLUMN1 and COLUMN2
CodePudding user response:
Your JSON is malformed, there is unnecessary comma(,) after the match array.
Correct JSON for your query is
{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"lte": "2022-03-24T09:25:15.000-03:00",
"gte": "2022-03-23T09:25:15.000-03:00"
}
}
},
{
"match": {
"type.keyword": "TABLE"
}
},
{
"match": {
"HOSTNAME.keyword": "EQUIPO"
}
}
]
}
},
"aggs": {
"statistics": {
"fields": [
"COLUMN1",
"COLUMN2"
]
}
}
}
CodePudding user response:
Your JSON is malformed. there is unnecessary comma(,) after the match array as mentioned by Amit.
Alos, your correlation aggregation query is not correct. you are missing matrix_stats in aggregation body. You need to give aggregation like below:
{
"aggs": {
"statistics": {
"matrix_stats": {
"fields": [ "COLUMN1", "COLUMN2" ]
}
}
}
}