Elasticsearch Frustration: The Curious Query
Last year I was poking at an Elasticsearch cluster to review the indexed data and verify that things were healthy. It was all good until I stumbled upon this weird document:
{
  "_version": 1,
  "_index": "events",
  "_type": "event",
  "_id": "_query",
  "_score": 1,
  "_source": {
    "query": {
      "bool": {
        "must": [
          { "range": { "date_created": { "gte": "2016-01-01" } } }
        ]
      }
    }
  }
}
It may not be immediately obvious what's going on in the above snippet. Instead of a valid event document, there's a document with a query as the contents. Additionally, the document ID appears to be _query instead of the expected GUID. The combination of these two irregularities makes it seem as if someone accidentally posted a query to the wrong endpoint. No problem, just delete the document, right?
DELETE /events/event/_query
ActionRequestValidationException[Validation Failed: 1: source is missing;]
Wat.
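The two irregularities described above (an ID that is not a GUID, and a body that is a query rather than an event) can be checked mechanically when reviewing search hits from an index. The following Python is an added example, not code from the original post; the function names, the list of search-request keys, and the sample hits are assumptions constructed for illustration.

```python
import uuid

# Assumption: top-level keys of a search request body that a real event
# document in this index never uses as field names.
SEARCH_BODY_KEYS = {"query", "aggs", "aggregations", "filter",
                    "post_filter", "sort", "from", "size"}


def is_guid(doc_id):
    """True when doc_id is a canonical hyphenated GUID string."""
    try:
        return str(uuid.UUID(doc_id)) == doc_id.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def find_misposted(hits):
    """Return (id, reasons) for each hit that looks like a stray request body."""
    findings = []
    for hit in hits:
        reasons = []
        doc_id = hit.get("_id", "")
        if doc_id.startswith("_"):
            # Underscore-prefixed names are how the REST API names endpoints.
            reasons.append("id looks like an API endpoint name")
        elif not is_guid(doc_id):
            reasons.append("id is not a GUID")
        source = hit.get("_source") or {}
        if source and set(source) <= SEARCH_BODY_KEYS:
            reasons.append("source contains only search-request keys")
        if reasons:
            findings.append((doc_id, reasons))
    return findings


# Constructed sample hits: one ordinary event and the stray document above.
SAMPLE_HITS = [
    {"_index": "events", "_type": "event",
     "_id": "3f2b8c1e-9d4a-4e6b-8a57-0c1d2e3f4a5b",
     "_source": {"name": "login", "date_created": "2016-02-03"}},
    {"_index": "events", "_type": "event", "_id": "_query",
     "_source": {"query": {"bool": {"must": [
         {"range": {"date_created": {"gte": "2016-01-01"}}}]}}}},
]

if __name__ == "__main__":
    for doc_id, reasons in find_misposted(SAMPLE_HITS):
        print(doc_id, "->", "; ".join(reasons))
```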