query malformed, no start_object after query name

About

Asked 21/4, 2017 at 16:43 Answered 21/4, 2017 at 22:4

I am running this query against AWS Elasticsearch 5.1 and getting a malformed query error. Here is the body of the request. I am basically just checking if the field exists during the time range.

{
  "query": {
    "bool": {
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gt": "2017-03-21T15:37:08.595919Z",
                  "lte": "2017-04-21T15:52:08.595919Z"
                }
              }
            },
            {
              "query": [
                {
                  "query_string": {
                    "query": "_exists_: $event.supplier"
                  }
                }
              ]
            }
          ]
        }
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "asc"
      }
    }
  ]
}

Ralfston answered 21/4, 2017 at 16:43 Comment(0)

The second must statement was incorrect:

{
  "query": {
    "bool": {
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gt": "2017-03-21T15:37:08.595919Z",
                  "lte": "2017-04-21T15:52:08.595919Z"
                }
              }
            },
            {
              "query_string": {
                "query": "_exists_: $event.supplier"
              }
            }
          ]
        }
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "asc"
      }
    }
  ]
}

Maud answered 21/4, 2017 at 22:4 Comment(7)

where on the earth the second must statement is? – Wsan 14/9, 2018 at 22:0

Having diffed the answer, they've removed the query specifier that used to be around query_string – Mceachern 21/12, 2018 at 17:9

For those coming here in the future: The must is an array, so the second set of curly braces that holds the query_string is the second must. – Masquerade 30/5, 2019 at 14:58

so it was the second item in the must array – Burgess 25/11, 2019 at 16:14

@tar there is nothing to explain. The original query was malformed, which means that there was a syntax error in it. No error in the logic of the query of how it was created, just a syntax error. I've corrected the error and posted the correct query. If you compare the two you'll notice the difference. Downvoting a correct answer with an explanation like that is unfair. I hope you'll find my other answers on the Elasticsearch subject more useful to you. – Maud 10/3, 2020 at 6:13

@AndreiStefan can you also explain the error "no start_object after query name", what on earth does it mean? in this case what exactly is a "start_object" and what are the possible things/keywords that could be a start_object? – Atwitter 18/1, 2023 at 5:52

@ThomasNguyen in JSON format { } is considered an "object". Start of an object is the opening curly bracket. no start_object after query name means the JSON parser is expecting an opening curly bracket after the "query name". – Maud 18/1, 2023 at 10:45

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags