I have below indexes in the kibana when searched with below query.
GET /_xpack/sql?format=txt
{
"query": "SHOW tables"
}
Output:
name | type
---------------------------------+---------------
.kibana |ALIAS
.kibana_1 |BASE TABLE
.monitoring-es-6-2019.03.17 |BASE TABLE
.monitoring-kibana-6-2019.03.17 |BASE TABLE
.monitoring-logstash-6-2019.03.17|BASE TABLE
bank |BASE TABLE
logstash-2015.05.18 |BASE TABLE
logstash-2015.05.19 |BASE TABLE
logstash-2015.05.20 |BASE TABLE
When trying to search logstash table getting error as below.
GET _xpack/sql?format=txt
{
"query": "select * from logstash-2015.05.18"
}
Error Output
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "line 1:23: mismatched input '-' expecting {<EOF>, ',', 'ANALYZE', 'ANALYZED', 'AS', 'CATALOGS', 'COLUMNS', 'CURRENT', 'DAY', 'DEBUG', 'EXECUTABLE', 'EXPLAIN', 'FIRST', 'FORMAT', 'FULL', 'FUNCTIONS', 'GRAPHVIZ', 'GROUP', 'HAVING', 'HOUR', 'INNER', 'INTERVAL', 'JOIN', 'LAST', 'LEFT', 'LIMIT', 'MAPPED', 'MINUTE', 'MONTH', 'NATURAL', 'OPTIMIZED', 'ORDER', 'PARSED', 'PHYSICAL', 'PLAN', 'RIGHT', 'RLIKE', 'QUERY', 'SCHEMAS', 'SECOND', 'SHOW', 'SYS', 'TABLES', 'TEXT', 'TYPE', 'TYPES', 'VERIFY', 'WHERE', 'YEAR', '{LIMIT', IDENTIFIER, DIGIT_IDENTIFIER, QUOTED_IDENTIFIER, BACKQUOTED_IDENTIFIER}"
}
],
"type": "parsing_exception",
"reason": "line 1:23: mismatched input '-' expecting {<EOF>, ',', 'ANALYZE', 'ANALYZED', 'AS', 'CATALOGS', 'COLUMNS', 'CURRENT', 'DAY', 'DEBUG', 'EXECUTABLE', 'EXPLAIN', 'FIRST', 'FORMAT', 'FULL', 'FUNCTIONS', 'GRAPHVIZ', 'GROUP', 'HAVING', 'HOUR', 'INNER', 'INTERVAL', 'JOIN', 'LAST', 'LEFT', 'LIMIT', 'MAPPED', 'MINUTE', 'MONTH', 'NATURAL', 'OPTIMIZED', 'ORDER', 'PARSED', 'PHYSICAL', 'PLAN', 'RIGHT', 'RLIKE', 'QUERY', 'SCHEMAS', 'SECOND', 'SHOW', 'SYS', 'TABLES', 'TEXT', 'TYPE', 'TYPES', 'VERIFY', 'WHERE', 'YEAR', '{LIMIT', IDENTIFIER, DIGIT_IDENTIFIER, QUOTED_IDENTIFIER, BACKQUOTED_IDENTIFIER}",
"caused_by": {
"type": "input_mismatch_exception",
"reason": null
}
},
"status": 400
}
Can you please advice how we can do select query in this kind of senario.
Regards, Hemanth.
Just make use of double quotes to escape. Below query should resolve the issue.
POST _xpack/sql?format=txt
{
"query": "select * from \"logstash-2015.05.18\""
}
Hope it helps!