So I'm trying to post this query into elastic and it is coming up with the error in the title. This is my query for reference:
{
  "query": {
    "bool": {
      "filter": [ {
          "match_phrase": {
            "doc_type": "commits"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": start_date + "T00:00:00+00:00",
              "lte": end_date + "T00:00:00+00:00"
            }
          }
        }
      ],
      "should":
      {
        "match_phrase": {"field1": "string"}
      },
      "minimum_should_match": 1,
      "must_not":
      {
        "match_phrase": {"repository_name": "repo_name"}
      }
    },
    "size": 0,
    "aggs": {
      "repo_name": {
        "terms": {
          "field": "repository_full_name",
          "size": 10000
        },
        "aggs": {
          "repo_name": {
            "terms": {
              "field": "BRANCH_NAME",
              "size": 10000
            }
          }
        }
      }
    }
  }
}
I'm trying to understand why this is coming up as an error? I've double checked all the brackets are closing properly and can't rack my brain around it.
You are missing one }, at the end of the query part. The query part should be closed, before beginning the aggregation part.
The structure should be -
{
  "query":{},
  "aggs":{}
}
Try out the below query
{
  "query": {
    "bool": {
      "filter": [
        {
          "match_phrase": {
            "doc_type": "commits"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": start_date + "T00:00:00+00:00",
              "lte": end_date + "T00:00:00+00:00"
            }
          }
        }
      ],
      "should": {
        "match_phrase": {
          "field1": "string"
        }
      },
      "minimum_should_match": 1,
      "must_not": {
        "match_phrase": {
          "repository_name": "repo_name"
        }
      }
    }
  }, // note this
  "size": 0,
  "aggs": {
    "repo_name": {
      "terms": {
        "field": "repository_full_name",
        "size": 10000
      },
      "aggs": {
        "repo_name": {
          "terms": {
            "field": "BRANCH_NAME",
            "size": 10000
          }
        }
      }
    }
  }
}
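
A pre-flight check for the mistake described in the answer above, as an added example in Python (not code from the question or the answer): it flags body-level keys nested inside "query" and hoists them beside it. The function names, the key list and the sample dates are assumptions made for this example.

```python
# Keys that belong beside "query" in a search body, never inside it
# (a subset chosen for this example).
BODY_LEVEL_KEYS = {"size", "from", "aggs", "aggregations", "sort", "_source"}


def misplaced_body_keys(body):
    """Return body-level keys that were nested inside the "query" object."""
    query = body.get("query", {})
    return sorted(k for k in query if k in BODY_LEVEL_KEYS)


def hoist_body_keys(body):
    """Return a copy of body with misplaced keys moved up beside "query"."""
    fixed = {k: v for k, v in body.items() if k != "query"}
    query = dict(body.get("query", {}))  # shallow copy, input is not mutated
    for key in misplaced_body_keys(body):
        if key in fixed:
            raise ValueError(f"{key!r} appears both inside and beside 'query'")
        fixed[key] = query.pop(key)
    if len(query) != 1:
        raise ValueError(f"'query' must hold exactly one clause, found {sorted(query)}")
    return {"query": query, **fixed}


def build_question_body(start_date, end_date):
    """The question's body (inner aggregation omitted): size/aggs sit inside query."""
    return {
        "query": {
            "bool": {
                "filter": [
                    {"match_phrase": {"doc_type": "commits"}},
                    {"range": {"@timestamp": {
                        "gte": start_date + "T00:00:00+00:00",
                        "lte": end_date + "T00:00:00+00:00"}}},
                ],
                "should": {"match_phrase": {"field1": "string"}},
                "minimum_should_match": 1,
                "must_not": {"match_phrase": {"repository_name": "repo_name"}},
            },
            "size": 0,
            "aggs": {"repo_name": {"terms": {"field": "repository_full_name", "size": 10000}}},
        }
    }


if __name__ == "__main__":
    body = build_question_body("2021-01-01", "2021-01-31")  # constructed dates
    print(misplaced_body_keys(body))
    print(hoist_body_keys(body))
```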