Hi Bruno,

I am encountering another issue, which might also be related to the
interpreter.

When using the "fields" attribute in the query to select the exact fields
to return, I get an "Error: String is null" through Zeppelin, while the
same query works through the REST interface.

I noticed that a normal query, of the form

{
  "query": {"regexp":{"log":"module"}}
}

returns results in the following format:
"hits": {....
    "hits": [
      {....
        "_source": {


while a query with "fields" returns results in the format:
"hits": {....
    "hits": [
      {....
        "fields": {

Could this be the issue? I had a quick scan over the
ElasticsearchInterpreter.buildSearchHitsResponseMessage, but couldn't find
any dependency on "_source" to validate my assumption.

Do you think this could be an interpreter issue?

Regards,
Ashish

On Tue, Apr 19, 2016 at 10:54 PM, ashish rawat <dceash...@gmail.com> wrote:

> Thanks Bruno for the prompt reply. Do you know of any indirect way of
> achieving the same, i.e. timeseries of all values of a field (e.g. logLevel,
> httpMethod)?
>
> Regards,
> Ashish
>
> On Tue, Apr 19, 2016 at 10:38 PM, Bruno Bonnin <bbon...@gmail.com> wrote:
>
>> Hello,
>>
>> You are right, there are some limitations with the Elasticsearch
>> interpreter.
>> I have developed it and I am going to check how I can change the
>> component to take into account this kind of more complex request.
>>
>> Regards,
>> Bruno
>>
>> 2016-04-19 18:53 GMT+02:00 ashish rawat <dceash...@gmail.com>:
>>
>>> Hi,
>>>
>>> I am trying to use the filters aggregation of elastic search
>>>
>>> https://www.elastic.co/guide/en/elasticsearch/reference/2.2/search-aggregations-bucket-filters-aggregation.html
>>>
>>>
>>> As documented on the elastic page, I made the following query through
>>> zeppelin
>>> {
>>>   "aggs" : {
>>>     "messages" : {
>>>       "filters" : {
>>>         "filters" : {
>>>           "error" :   { "term" : { "logLevel" : "error"   }},
>>>           "trace" : { "term" : { "logLevel" : "trace" }}
>>>         }
>>>       },
>>>       "aggs" : {
>>>         "messages_over_time" : {
>>>           "date_histogram" : {
>>>             "field" : "timestamp",
>>>             "interval" : "day",
>>>             "format" : "yyyy-MM-dd"
>>>           }
>>>         }
>>>       }
>>>     }
>>>   }
>>> }
>>>
>>> but the response only contained the fields: 'key' and 'doc_count',
>>> whereas if I run the same query through elastic's rest interface, I get the
>>> following result
>>>
>>>   "aggregations": {
>>>     "messages": {
>>>       "buckets": {
>>>         "error": {
>>>           "doc_count": 57,
>>>           "messages_over_time": {
>>>             "buckets": [
>>>               {
>>>                 "key_as_string": "2016-03-21",
>>>                 "key": 1458518400000,
>>>                 "doc_count": 1
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-22",
>>>                 "key": 1458604800000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-23",
>>>                 "key": 1458691200000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-24",
>>>                 "key": 1458777600000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-25",
>>>                 "key": 1458864000000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-26",
>>>                 "key": 1458950400000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-27",
>>>                 "key": 1459036800000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-28",
>>>                 "key": 1459123200000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-29",
>>>                 "key": 1459209600000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-30",
>>>                 "key": 1459296000000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-03-31",
>>>                 "key": 1459382400000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-04-01",
>>>                 "key": 1459468800000,
>>>                 "doc_count": 8
>>>               },
>>>               {
>>>                 "key_as_string": "2016-04-02",
>>>                 "key": 1459555200000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-04-03",
>>>                 "key": 1459641600000,
>>>                 "doc_count": 0
>>>               },
>>>               {
>>>                 "key_as_string": "2016-04-04",
>>>                 "key": 1459728000000,
>>>                 "doc_count": 48
>>>               }
>>>             ]
>>>           }
>>>         },
>>>         "trace": {
>>>           "doc_count": 372,
>>>           "messages_over_time": {
>>>             "buckets": [
>>>               {
>>>                 "key_as_string": "2016-04-04",
>>>                 "key": 1459728000000,
>>>                 "doc_count": 372
>>>               }
>>>             ]
>>>           }
>>>         }
>>>       }
>>>     }
>>>
>>> as expected, it has the timeseries of the 'error' and 'trace' messages.
>>>
>>> Is there any limitation in elastic search interpreter which does not
>>> allow parsing of complex responses?
>>>
>>> Regards,
>>> Ashish
>>>
>>>
>>
>
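
Added example (not part of the thread and not Zeppelin's interpreter code): a Python flattener for the two response shapes discussed above, search hits that carry either `_source` or `fields`, and the nested `filters` / `date_histogram` buckets. The function names and the sample hits are constructed for illustration; the bucket values are trimmed from the response quoted in the thread.

```python
def hit_to_row(hit):
    """Return one flat dict for a search hit, whichever shape it has."""
    row = {"_id": hit.get("_id")}
    # A plain query returns the document under "_source".
    row.update(hit.get("_source", {}))
    # A query with "fields" returns "fields" instead, and every value is an
    # array, even for single-valued fields, so unwrap one-element arrays.
    for name, values in hit.get("fields", {}).items():
        single = isinstance(values, list) and len(values) == 1
        row[name] = values[0] if single else values
    return row


def flatten_buckets(agg, path=()):
    """Yield (path, doc_count) for each leaf bucket, recursing into sub-aggregations."""
    buckets = agg["buckets"]
    # "filters" returns a dict keyed by filter name; date_histogram returns a list.
    if isinstance(buckets, dict):
        items = list(buckets.items())
    else:
        items = [(b.get("key_as_string", b.get("key")), b) for b in buckets]
    for key, bucket in items:
        subs = [v for v in bucket.values() if isinstance(v, dict) and "buckets" in v]
        if not subs:
            yield path + (key,), bucket["doc_count"]
        for sub in subs:
            yield from flatten_buckets(sub, path + (key,))


# Constructed sample hits: one per response shape.
SAMPLE_HITS = [
    {"_id": "1", "_source": {"log": "module started", "logLevel": "trace"}},
    {"_id": "2", "fields": {"logLevel": ["error"], "tags": ["a", "b"]}},
]

# Trimmed from the aggregation response quoted in the thread (zero-count days omitted).
SAMPLE_AGGS = {"messages": {"buckets": {
    "error": {"doc_count": 57, "messages_over_time": {"buckets": [
        {"key_as_string": "2016-03-21", "key": 1458518400000, "doc_count": 1},
        {"key_as_string": "2016-04-01", "key": 1459468800000, "doc_count": 8},
        {"key_as_string": "2016-04-04", "key": 1459728000000, "doc_count": 48}]}},
    "trace": {"doc_count": 372, "messages_over_time": {"buckets": [
        {"key_as_string": "2016-04-04", "key": 1459728000000, "doc_count": 372}]}},
}}}

if __name__ == "__main__":
    for hit in SAMPLE_HITS:
        print(hit_to_row(hit))
    for path, count in flatten_buckets(SAMPLE_AGGS["messages"]):
        print(" / ".join(path), count)
```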
