Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Expected [START_OBJECT] under [filter]

Tags:

rest

elasticsearch

I want to put double filter in aggs. such like this.

"aggs": {
  "download1" : {
        "filter" : [
            { "term": { "IPV4_DST_ADDR":"192.168.0.159"}},
            { "range": { "LAST_SWITCHED": { "gte": "now-5m" } }}
        ],
        "aggs" : {
            "downlod_bytes" : { "sum" : { "field" : "IN_BYTES" } }
        }
    }
}

but it show me an error:

"error": {
"root_cause": [
  {
    "type": "parsing_exception",
    "reason": "Expected [START_OBJECT] under [filter], but got a [START_ARRAY] in [download1]",
    "line": 33,
    "col": 24
  }
]}

How can I do, thank you in advance!

like image 732
張皓翔 Avatar asked Oct 19 '25 03:10

張皓翔

1 Answers

You need to combine both queries with a bool/filter

{
  "aggs": {
    "download1": {
      "filter": {
        "bool": {
          "filter": [
            {
              "term": {
                "IPV4_DST_ADDR": "192.168.0.159"
              }
            },
            {
              "range": {
                "LAST_SWITCHED": {
                  "gte": "now-5m"
                }
              }
            }
          ]
        }
      },
      "aggs": {
        "downlod_bytes": {
          "sum": {
            "field": "IN_BYTES"
          }
        }
      }
    }
  }
}
like image 138
Val Avatar answered Oct 20 '25 17:10

Val
Sign in to Comment

Related questions

Embedd Swagger UI into Blazor Server Side App
How to build a REST API without resource? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!