Hi Mathieu, have you tried using the correct query parameter, i. e. "fields" instead of "field" in Graylog 2.0.x?
Cheers, Jochen On Tuesday, 23 August 2016 17:54:02 UTC+2, Mathieu Grzybek wrote: > > Hi Jochen, > > It should give something like that : > > curl -s > "http://mygraylog.org/search/universal/relative/terms?query=%2A&range=300&filter=streams%3A55dc68d60cf293c638ddf255&field=status"; > > <http://mygraylog.org/search/universal/relative/terms?query=%2A&range=300&filter=streams%3A55dc68d60cf293c638ddf255&field=status> > > | python -mjson.tool > { > "built_query": > "{\"from\":0,\"query\":{\"bool\":{\"must\":{\"match_all\":{}},\"filter\":{\"bool\":{\"must\":[{\"range\":{\"timestamp\":{\"from\":\"2016-08-23 > > 15:35:21.889\",\"to\":\"2016-08-23 > 15:40:21.889\",\"include_lower\":true,\"include_upper\":true}}},{\"query_string\":{\"query\":\"streams:55dc68d60cf293c638ddf255\"}}]}}}},\"aggregations\":{\"gl2_filter\":{\"filter\":{\"bool\":{\"must\":[{\"range\":{\"timestamp\":{\"from\":\"2016-08-23 > > 15:35:21.889\",\"to\":\"2016-08-23 > 15:40:21.889\",\"include_lower\":true,\"include_upper\":true}}},{\"query_string\":{\"query\":\"streams:55dc68d60cf293c638ddf255\"}}]}},\"aggregations\":{\"gl2_terms\":{\"terms\":{\"field\":\"status\",\"size\":50}},\"missing\":{\"missing\":{\"field\":\"status\"}}}}}}", > "missing": 2, > "other": 8530, > "terms": { > "200": 1600, > "404": 20, > "503": 10 > }, > "time": 20, > "total": 1630 > } > > It is what is called termsRelative in the API documentation. > > Mathieu > > On 08/23/16 12:29, Jochen Schalanda wrote: > > Hi Mathieu, > > the Graylog REST API changed between Graylog 1.x and Graylog 2.x. > > What should the request, you've posted, exactly do? > > Cheers, > Jochen > > On Tuesday, 23 August 2016 14:14:13 UTC+2, Mathieu Grzybek wrote: >> >> Hello, >> >> I have found that since my upgrade to 2.0 I cannot compute the quick >> value widget. It only appears on field called "status". >> I don't see any exception on elasticsearch logs. The only messages found >> are in graylog server.log: >> >> [SearchResource] Missing fields parameter. Returning HTTP 400 >> [SearchResource] Unable to execute search: [reduce] >> >> >> call example: >> >> curl >> " >> http://mygraylog.org:12900/search/universal/relative/terms?query=%2A&range=300&filter=streams%3A55dc68d60cf293c638ddf255&field=status"; >> >> >> {"query":"*","begin_column":null,"begin_line":null,"end_column":null,"end_line":null,"message":"Unable >> >> >> to execute >> search","exception_name":"org.elasticsearch.action.search.ReduceSearchPhaseException"} >> >> >> >> Is it a reserved word ? >> I don't understand the error because a lot of messages of the given >> stream contain the requested field. >> >> Thanks, >> Mathieu >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/16d06568-d6b2-4e21-935b-c2011b181018%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
