在 elasticsearch 查询中排除给出解析搜索源失败。预期的字段名称但得到 [START_OBJECT]

Question

我有以下查询， 1. 获取所有日志类型错误的数据。 2.排除logmessage字段中有error occured的所有数据。

curl -s -XGET 'localhost:9200/index_name/type/_search?pretty=true&size=10' -d '
{
    "query": {
        "match" : {
            "logtype" : "error"
        },
        "should": {
            "bool": {
               "must_not": {
                  "match": {
                     "logMessage": "*error occured*"
                  }
               }
            }
         }
    }
}
'

但是上面的命令给出了：

 {
    "error": {
        "root_cause": [{
            "type": "parse_exception",
            "reason": "failed to parse search source. expected field name but got [START_OBJECT]"
        }],
        "type": "search_phase_execution_exception",
        "reason": "all shards failed",
        "phase": "query",
        "grouped": true,
        "failed_shards": [{
            "shard": 0,
            "index": "indexname",
            "node": "HxII3rajS4KP5dkP-ZvPSw",
            "reason": {
                "type": "parse_exception",
                "reason": "failed to parse search source. expected field name but got [START_OBJECT]"
            }
        }]
    },
    "status": 400
 }

如何解决？

Answer 1

试试这个：

curl -s -XGET 'localhost:9200/index_name/type/_search?pretty=true&size=10' -d '{
  "query": {
    "bool": {
      "must": {
        "match": {
          "logtype": "error"
        }
      },
      "must_not": {
         "match": {
           "logMessage": "*error occured*"
         }
      }
    }
  }
}'

在 elasticsearch 查询中排除给出解析搜索源失败。预期的字段名称但得到 [START_OBJECT]

Exclude in elasticsearch query gives failed to parse search source. expected field name but got [START_OBJECT]

curl

elasticsearch

kibana