【发布时间】:2016-12-10 02:34:42
【问题描述】:
所以我试图在“svctag”字段中获取所有具有重复数据的文档。
我对此进行了以下查询。
"aggs": { "svctag": { "terms": { "field": "svctag","size": 0, "min_doc_count": 2}}}
我也试过用这个运行它,但仍然遇到同样的错误。
{"aggs": {"duplicateNames": {"terms": { "field": "svctag","size": 0, "min_doc_count": 2}}}}
但在运行时,我收到以下错误。
Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"query_parsing_exception","reason":"Failed to parse query [\"aggs\": { \"svctag\": { \"terms\": { \"field\": \"svctag\",\"size\": 0, \"min_doc_count\": 2}}}]","index":"logstash-data","line":1,"col":430}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"logstash-data","node":"PDjSn1G3SYS7jgGLRBV2HQ","reason":{"type":"query_parsing_exception","reason":"Failed to parse query [\"aggs\": { \"svctag\": { \"terms\": { \"field\": \"svctag\",\"size\": 0, \"min_doc_count\": 2}}}]","index":"logstash-data","line":1,"col":430,"caused_by":{"type":"parse_exception","reason":"Cannot parse '\"aggs\": { \"svctag\": { \"terms\": { \"field\": \"svctag\",\"size\": 0, \"min_doc_count\": 2}}}': Encountered \" \":\" \": \"\" at line 1, column 6.\r\nWas expecting one of:\r\n <EOF> \r\n <AND> ...\r\n <OR> ...\r\n <NOT> ...\r\n \"+\" ...\r\n \"-\" ...\r\n <BAREOPER> ...\r\n \"(\" ...\r\n \"*\" ...\r\n \"^\" ...\r\n <QUOTED> ...\r\n <TERM> ...\r\n <FUZZY_SLOP> ...\r\n <PREFIXTERM> ...\r\n <WILDTERM> ...\r\n <REGEXPTERM> ...\r\n \"[\" ...\r\n \"{\" ...\r\n <NUMBER> ...\r\n ","caused_by":{"type":"parse_exception","reason":"Encountered \" \":\" \": \"\" at line 1, column 6.\r\nWas expecting one of:\r\n <EOF> \r\n <AND> ...\r\n <OR> ...\r\n <NOT> ...\r\n \"+\" ...\r\n \"-\" ...\r\n <BAREOPER> ...\r\n \"(\" ...\r\n \"*\" ...\r\n \"^\" ...\r\n <QUOTED> ...\r\n <TERM> ...\r\n <FUZZY_SLOP> ...\r\n <PREFIXTERM> ...\r\n <WILDTERM> ...\r\n <REGEXPTERM> ...\r\n \"[\" ...\r\n \"{\" ...\r\n <NUMBER> ...\r\n "}}}}]}}
我哪里出错了?任何帮助将不胜感激。
【问题讨论】:
标签: elasticsearch kibana kibana-4 elastic-stack