I'm facing some errors with DSL query builder and aggregations.
Tried several approaches and none of them seem to work.
If I remove the aggs clause, the query works seamlessly.
Queries below return error: [bool] malformed query, expected [END_OBJECT] but found [FIELD_NAME]
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "json.@timestamp": {
              "gt": "2021-08-22T00:00:00.000Z",
              "lt": "2022-10-22T13:41:09.000Z"
            }
          }
        },
        {
          "term": {
            "json.path": "/api/v1/discover"
          }
        },
        {
          "wildcard": {
            "container.image.name": {
              "value": "*prod*"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "totalCount": {
      "sum": {
        "field": "count"
      }
    }
  }
}
Using aggs inside body also does not work.
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "json.@timestamp": {
              "gt": "2021-08-22T00:00:00.000Z",
              "lt": "2022-10-22T13:41:09.000Z"
            }
          }
        },
        {
          "term": {
            "json.path": "/api/v1/discover"
          }
        },
        {
          "wildcard": {
            "container.image.name": {
              "value": "*prod*"
            }
          }
        }
      ]
    }
  },
  "body": {
    "aggs": {
      "group_by_id": {
        "terms": {
          "field": "cloud.image.id"
        }
      }
    }
  }
}
Not even a basic aggs example will succeed.
{
  "query": {
    "match_all": {}
  },
  "aggs": {
    "objects": {
      "terms": {
        "field": "json.path"
      }
    }
  }
}
This one returns error: [1:16806] unknown field [aggs]
{
  "query": {
    "aggs": {
      "my-agg-name": {
        "terms": {
          "field": "json.path"
        }
      }
    }
  }
}
What am I doing wrong?
I'm on Elastic Cloud v7.16.2
Just found out what the problem is... Aggregations will only work on the Dev Tools page. They will not work in the Discover page Search box.