elasticsearchelasticsearch-x-packxpackelasticsearch-sql

Unable to perform SQL search on logstash index in kibana


I have below indexes in the kibana when searched with below query.

GET /_xpack/sql?format=txt
{
    "query": "SHOW tables"
}

Output:

              name               |     type      
---------------------------------+---------------
.kibana                          |ALIAS          
.kibana_1                        |BASE TABLE     
.monitoring-es-6-2019.03.17      |BASE TABLE     
.monitoring-kibana-6-2019.03.17  |BASE TABLE     
.monitoring-logstash-6-2019.03.17|BASE TABLE     
bank                             |BASE TABLE     
logstash-2015.05.18              |BASE TABLE     
logstash-2015.05.19              |BASE TABLE     
logstash-2015.05.20              |BASE TABLE     

When trying to search logstash table getting error as below.

GET _xpack/sql?format=txt
{
  "query": "select * from logstash-2015.05.18"
}

Error Output

{
  "error": {
    "root_cause": [
      {
        "type": "parsing_exception",
        "reason": "line 1:23: mismatched input '-' expecting {<EOF>, ',', 'ANALYZE', 'ANALYZED', 'AS', 'CATALOGS', 'COLUMNS', 'CURRENT', 'DAY', 'DEBUG', 'EXECUTABLE', 'EXPLAIN', 'FIRST', 'FORMAT', 'FULL', 'FUNCTIONS', 'GRAPHVIZ', 'GROUP', 'HAVING', 'HOUR', 'INNER', 'INTERVAL', 'JOIN', 'LAST', 'LEFT', 'LIMIT', 'MAPPED', 'MINUTE', 'MONTH', 'NATURAL', 'OPTIMIZED', 'ORDER', 'PARSED', 'PHYSICAL', 'PLAN', 'RIGHT', 'RLIKE', 'QUERY', 'SCHEMAS', 'SECOND', 'SHOW', 'SYS', 'TABLES', 'TEXT', 'TYPE', 'TYPES', 'VERIFY', 'WHERE', 'YEAR', '{LIMIT', IDENTIFIER, DIGIT_IDENTIFIER, QUOTED_IDENTIFIER, BACKQUOTED_IDENTIFIER}"
      }
    ],
    "type": "parsing_exception",
    "reason": "line 1:23: mismatched input '-' expecting {<EOF>, ',', 'ANALYZE', 'ANALYZED', 'AS', 'CATALOGS', 'COLUMNS', 'CURRENT', 'DAY', 'DEBUG', 'EXECUTABLE', 'EXPLAIN', 'FIRST', 'FORMAT', 'FULL', 'FUNCTIONS', 'GRAPHVIZ', 'GROUP', 'HAVING', 'HOUR', 'INNER', 'INTERVAL', 'JOIN', 'LAST', 'LEFT', 'LIMIT', 'MAPPED', 'MINUTE', 'MONTH', 'NATURAL', 'OPTIMIZED', 'ORDER', 'PARSED', 'PHYSICAL', 'PLAN', 'RIGHT', 'RLIKE', 'QUERY', 'SCHEMAS', 'SECOND', 'SHOW', 'SYS', 'TABLES', 'TEXT', 'TYPE', 'TYPES', 'VERIFY', 'WHERE', 'YEAR', '{LIMIT', IDENTIFIER, DIGIT_IDENTIFIER, QUOTED_IDENTIFIER, BACKQUOTED_IDENTIFIER}",
    "caused_by": {
      "type": "input_mismatch_exception",
      "reason": null
    }
  },
  "status": 400
}

Can you please advice how we can do select query in this kind of senario.

Regards, Hemanth.


Solution

  • Just make use of double quotes to escape. Below query should resolve the issue.

    POST _xpack/sql?format=txt
    {
        "query": "select * from \"logstash-2015.05.18\""
    }
    

    Hope it helps!