You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When searching for a non IP string literal in OpenSearch dashboards, an error message occurs. This is caused by an underlying error in the search, that only surfaces under the very particular circumstances of the dashboard query.
Related component
Search
To Reproduce
Go to Discovery in OpenSearch dashboards
Enter search string not src_ip:"-" where src_ip is a field of type IP.
Start the search
Receive an error message indicating a null pointer exception
Expected behavior
An error message explaining the incorrect use of "-" as value for an IP.
Alternatively, OS dashboards could formulate the query for this particular value to be an exists query.
Additional Details
Plugins
Not sure, how to determine that. Security and ML are disabled for sure.
Screenshots
Host/Environment (please complete the following information):
OS: Linux
Version: 2.15.0
Additional context
I have extracted the query and analyzed it with the Dev Tools. I can reduced it to the following form:
With this query, I get the same error as below. However, if I remove any of the following the search will not return an error, but a response indicating the wrong value for the field src_ip:
sort clause
aggs clause
range filter for `@timestamp``
Only if all these three parts are part of the query, the error response occurs.
Full error response:
{
"error": {
"root_cause": [
{
"type": "query_shard_exception",
"reason": "failed to create query: '-' is not an IP string literal.",
"index": "logstash-2024.08.21",
"index_uuid": "wh0lN0yPSvCxZdiLmkQVPQ"
}
],
"type": "search_phase_execution_exception",
"reason": "",
"phase": "fetch",
"grouped": true,
"failed_shards": [
{
"shard": 1,
"index": "logstash-2024.08.21",
"node": "gnWTbYpcQ_q2lsPMg1L5Aw",
"reason": {
"type": "query_shard_exception",
"reason": "failed to create query: '-' is not an IP string literal.",
"index": "logstash-2024.08.21",
"index_uuid": "wh0lN0yPSvCxZdiLmkQVPQ",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "'-' is not an IP string literal."
}
}
}
],
"caused_by": {
"type": "null_pointer_exception",
"reason": "Cannot invoke \"org.opensearch.search.aggregations.InternalAggregations.getSerializedSize()\" because \"reducePhase.aggregations\" is null"
}
},
"status": 400
}
Failure response without sort clause:
{
"took": 14,
"timed_out": false,
"_shards": {
"total": 42,
"successful": 38,
"skipped": 0,
"failed": 4,
"failures": [
{
"shard": 0,
"index": "logstash-2024.08.21",
"node": "gnWTbYpcQ_q2lsPMg1L5Aw",
"reason": {
"type": "query_shard_exception",
"reason": "failed to create query: '-' is not an IP string literal.",
"index": "logstash-2024.08.21",
"index_uuid": "wh0lN0yPSvCxZdiLmkQVPQ",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "'-' is not an IP string literal."
}
}
}
]
},
"hits": {
"total": {
"value": 0,
"relation": "eq"
},
"max_score": null,
"hits": []
},
"aggregations": {
"2": {
"buckets": []
}
}
}
OpenSearch Dashboards Discover error message:
null_pointer_exception
Cannot invoke "org.opensearch.search.aggregations.InternalAggregations.getSerializedSize()" because "reducePhase.aggregations" is null
Error
at fetch_Fetch.fetchResponse (https://cflogs.cf.stagingaws.hanavlab.ondemand.com/7749/bundles/core/core.entry.js:15:243178)
at async interceptResponse (https://cflogs.cf.stagingaws.hanavlab.ondemand.com/7749/bundles/core/core.entry.js:15:237932)
at async https://cflogs.cf.stagingaws.hanavlab.ondemand.com/7749/bundles/core/core.entry.js:15:240899
The text was updated successfully, but these errors were encountered:
Describe the bug
When searching for a non IP string literal in OpenSearch dashboards, an error message occurs. This is caused by an underlying error in the search, that only surfaces under the very particular circumstances of the dashboard query.
Related component
Search
To Reproduce
not src_ip:"-"
wheresrc_ip
is a field of type IP.Expected behavior
An error message explaining the incorrect use of
"-"
as value for an IP.Alternatively, OS dashboards could formulate the query for this particular value to be an exists query.
Additional Details
Plugins
Not sure, how to determine that. Security and ML are disabled for sure.
Screenshots
Host/Environment (please complete the following information):
Additional context
I have extracted the query and analyzed it with the Dev Tools. I can reduced it to the following form:
With this query, I get the same error as below. However, if I remove any of the following the search will not return an error, but a response indicating the wrong value for the field
src_ip
:sort
clauseaggs
clauserange
filter for `@timestamp``Only if all these three parts are part of the query, the error response occurs.
Full error response:
Failure response without
sort
clause:OpenSearch Dashboards Discover error message:
The text was updated successfully, but these errors were encountered: