Briefly, this error occurs when Elasticsearch encounters an unknown or unsupported operator in a query. This could be due to a typo, incorrect syntax, or use of an operator that is not supported in the current version of Elasticsearch. To resolve this issue, you should review your query and ensure that all operators are correctly spelled and supported. If you’re using a deprecated operator, replace it with a supported one. Also, ensure that your query syntax is correct, including proper use of brackets and commas.
This guide will help you check for common problems that cause the log "Unknown operator {}" to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: parser, plugin.
Log Context
The log "Unknown operator {}" is emitted from the class ExpressionBuilder.java. We extracted the following from the Elasticsearch source code for those seeking in-depth context:
    // Excerpt starts inside the switch that maps each comparison-operator token to an expression.
    case EqlBaseParser.NEQ -> new Not(source, new Equals(source, left, right, zoneId));
    case EqlBaseParser.LT -> new LessThan(source, left, right, zoneId);
    case EqlBaseParser.LTE -> new LessThanOrEqual(source, left, right, zoneId);
    case EqlBaseParser.GT -> new GreaterThan(source, left, right, zoneId);
    case EqlBaseParser.GTE -> new GreaterThanOrEqual(source, left, right, zoneId);
    // Any other token type is rejected; "{}" is filled with the offending source text.
    default -> throw new ParsingException(source, "Unknown operator {}", source.text());
    };
    }

    @Override
    public Expression visitOperatorExpressionDefault(EqlBaseParser.OperatorExpressionDefaultContext ctx) {
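The review step described above can be automated before EQL queries (for example, detection rules) are submitted. The following is an added example, not code from Elasticsearch or from this page: the function name `find_unknown_operators` and the sample queries are constructed, and it assumes that `==` is the equality operator and that a single `=` is only valid after `maxspan` or `runs`.

```python
import re

# Comparison operators the EQL expression builder maps to expressions.
# NEQ, LT, LTE, GT and GTE appear in the excerpt; "==" is assumed for equality.
SUPPORTED = {"==", "!=", "<", "<=", ">", ">="}

# Assumption: outside comparisons, a lone "=" only appears in sequence
# parameters such as "maxspan=5m" or "runs=3".
ASSIGN_KEYWORDS = ("maxspan", "runs")

# String literals ("..." and """...""") are masked so operators inside
# quoted values are not reported. Comments are not handled.
_STRING = re.compile(r'"""(?:.|\n)*?"""|"(?:\\.|[^"\\])*"')
# A run of operator characters containing at least one of < > =
# (a bare "!" is deliberately not matched).
_OP_RUN = re.compile(r"!*[<>=][<>=!]*")


def find_unknown_operators(query):
    """Return (offset, operator) for each operator run not in SUPPORTED."""
    masked = _STRING.sub(lambda m: " " * len(m.group()), query)
    findings = []
    for m in _OP_RUN.finditer(masked):
        op = m.group()
        if op in SUPPORTED:
            continue
        before = masked[:m.start()].rstrip().lower()
        if op == "=" and before.endswith(ASSIGN_KEYWORDS):
            continue
        findings.append((m.start(), op))
    return findings


# Constructed sample queries, not taken from any real rule set.
RULES = {
    "ok_compare": 'process where process.pid >= 1000 and process.name != "svchost.exe"',
    "ok_sequence": 'sequence by host.id with maxspan=5m '
                   '[process where process.name == "cmd.exe"] '
                   '[network where destination.port > 1024]',
    "sql_style_neq": 'process where user.name <> "SYSTEM"',
    "single_equals": 'file where file.extension = "exe"',
    "reversed_gte": 'network where destination.port => 1024',
    "op_in_string": 'process where process.command_line == "a => b"',
}

if __name__ == "__main__":
    for name, query in RULES.items():
        for offset, op in find_unknown_operators(query):
            print(f"{name}: unsupported operator {op!r} at offset {offset}")
```
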