I have this query:
range_query = {
"query": {
"bool": {
"must": [
{
"match": {
"type": DEFAULT_LOG_TYPE
},
"match": {
"namespace": namespace
}
},
{
"range": {
"@timestamp": {
"gte": ts,
"lte": te
}
}
}
]
}
}, "_source": ["message", "@timestamp"]
}
ad when I run these two commands on kibana, I can see that I have _source filed :
GET /my_index/_doc/doc_id and GET /my_index/_field_caps?fields=*&include_unmapped=true
Any idea why I get this error? I also tried adding "docvalue_fields": ["message"] and I get the error :
elasticsearch.exceptions.RequestError: RequestError(400, 'parsing_exception', 'request does not support [docvalue_fields]')
Any idea to resolve the issue?
Your match clauses are not correctly specified, they should be like this:
range_query = {
"query": {
"bool": {
"must": [
{
"match": {
"type": DEFAULT_LOG_TYPE
}
},
{
"match": {
"namespace": namespace
}
},
{
"range": {
"@timestamp": {
"gte": ts,
"lte": te
}
}
}
]
}
},
"_source": [
"message",
"@timestamp"
]
}