I'm trying to run this Opensearch query in devtools and am getting the following error:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[terms] query does not support [pname]",
"line": 16,
"col": 33
}
],
"type": "x_content_parse_exception",
"reason": "[12:33] [bool] failed to parse field [filter]",
"caused_by": {
"type": "parsing_exception",
"reason": "[terms] query does not support [pname]",
"line": 16,
"col": 33
}
},
"status": 400
}
I'm trying to get the number of documents for a pname 'John Smith' between two timestamps. I'm not quite sure why it's failing.
GET /persons*/_search
{
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "2024-03-17",
"lte": "2024-03-19"
}
}
},
{
"terms": {
"pname": "John-Smith"
}
}
]
}
},
"aggs": {
"pname_count": {
"terms": {
"field": "pname.keyword",
"size": 10
}
}
}
}
If I add [ ] around the term [ "John-Smith" ] like the docs say I then get the following error:
"reason": "failed to parse date field [2024-03-17] with format [epoch_millis]: [failed to parse date field [2024-03-17] with format [epoch_millis]]"
}
For terms query you should add [] like you mentioned. For range query you should add format if the indexed data field format is not same with the query field format. In your cause @timestamp field is indexed with epoch_millis format but you send query with yyyy-MM-dd format.
GET /persons*/_search
{
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "2024-03-17",
"lte": "2024-03-19",
"format": "yyyy-MM-dd"
}
}
},
{
"terms": {
"pname": ["John-Smith"]
}
}
]
}
},
"aggs": {
"pname_count": {
"terms": {
"field": "pname.keyword",
"size": 10
}
}
}
}