dutchcoders / marija

Data exploration and visualisation for Elasticsearch and Splunk.
GNU Affero General Public License v3.0

[query_string] query does not support [all_fields] and cannot use [all_fields] parameter in conjunction with [default_field] or [fields] #91

Open ksipma opened 5 years ago

ksipma commented 5 years ago

I want to use marija with docker. I have 2 docker containers, one with marija and one with elasticsearch. I seeded some fake data; the index looks like this:

GET es:9200/test_persons

{
  "test_persons": {
    "aliases": {},
    "mappings": {
      "person": {
        "properties": {
          "city": {
            "type": "string"
          },
          "company": {
            "type": "string"
          },
          "country": {
            "type": "string"
          },
          "email": {
            "type": "string"
          },
          "name": {
            "type": "string"
          }
        }
      }
    },
    "settings": {
      "index": {
        "creation_date": "1551956277080",
        "number_of_shards": "5",
        "number_of_replicas": "1",
        "uuid": "xxxxxx",
        "version": {
          "created": "2040699"
        }
      }
    },
    "warmers": {}
  }
}

I tried a whole lot of different elasticsearch versions in docker.

My config of marija looks like this:

config-docker.toml

[datasource]

[datasource.test_persons]
type="elasticsearch"
url="http://es:9200/test_persons"

[[loggings]]
output = "stdout"
level = "debug"

I am not so experienced with elasticsearch; I hope it is just a stupid mistake. Can someone help me?

ksipma commented 5 years ago

It seems this bit is incorrect in the datasource of elasticsearch:

file elasticsearchindexv5.go

q := elastic.NewBoolQuery().Must(
    elastic.NewQueryStringQuery(so.Query).
        DefaultField("*").
        AllFields(true),
)

First of all, these two fields cannot be combined in a single query by default in Elasticsearch. I tried docker es containers

I did not find a single version which would allow this query. My solution would be to remove the defaultField("*") option, since then it will be _all by default. Then I get some results. In ES 6 the all_fields option is deprecated.

When I try other connectors to play around (kvk, rdw, twitter), all of them seem to be broken out of the box and configs are missing. My suggestion is to provide valid configs per datasource and provide information on which elasticsearch version is supported and how. For me, right now, it is costing me too much time to use it, which is a pity :)
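
The conflict described in the comment above, as an added example that is not part of the issue or of marija's code: a standard-library-only Go pre-flight check that renders the `query_string` clause and rejects the option combinations reported as failing. `QueryString`, `Check`, `Body` and the `serverKnowsAllFields` flag are hypothetical names; the two error texts are copied from the issue title, and the query value is constructed.

```go
package main
import (
	"encoding/json"
	"errors"
	"fmt"
)

// QueryString is a hypothetical stand-in for the options set in the issue's snippet.
type QueryString struct {
	Query        string
	DefaultField string // "" = parameter not sent
	AllFields    bool   // false = parameter not sent
}

// Error texts are the two messages quoted in the issue title.
var (
	ErrUnsupported = errors.New("[query_string] query does not support [all_fields]")
	ErrConflict    = errors.New("cannot use [all_fields] parameter in conjunction with [default_field] or [fields]")
)

// Check rejects the failing combinations; serverKnowsAllFields is an assumed, caller-set flag.
func Check(q QueryString, serverKnowsAllFields bool) error {
	if q.AllFields && !serverKnowsAllFields {
		return ErrUnsupported
	}
	if q.AllFields && q.DefaultField != "" {
		return ErrConflict
	}
	return nil
}

// Body renders the query_string clause as it would go on the wire, omitting unset options.
func Body(q QueryString) string {
	qs := map[string]interface{}{"query": q.Query}
	if q.DefaultField != "" {
		qs["default_field"] = q.DefaultField
	}
	if q.AllFields {
		qs["all_fields"] = true
	}
	b, _ := json.Marshal(map[string]interface{}{"query_string": qs})
	return string(b)
}

func main() {
	// Constructed inputs: the combination from the snippet, then the clause with neither option.
	for _, q := range []QueryString{{"name:alice", "*", true}, {Query: "name:alice"}} {
		fmt.Println(Body(q), "->", Check(q, true))
	}
}
```

Sending neither option leaves field selection to the server default, which is the fix proposed in the comment.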

gavofih commented 5 years ago

Can someone make a hotfix for this?