Fail to parse query_template

[joaopalma5]

• Version: 3.9.0
• Operating System: Linux/Docker
• Config File:
  Logstash.conf
  elasticsearch { add_tag => [ "taskElasticsearch " ] hosts => "elasticsearch:9200" user => "elastic" password => "password" index => ["filebeat-*"] query_template => "taskElapsedQuery.json" fields => { "@timestamp" => "record_started" } }
  taskElapsedQuery.json
  { "size": 1, "sort" : [ { "@timestamp" : "desc" } ], "query": { "bool": { "must": { "bool" : { "must": [ { "match": { "@message.LogType": "Start" }},{ "match_phrase": { "@message.activityInstanceId": %{[@message][activityInstanceId]} }} ] } } } }, "_source": [ "@timestamp" ] }

In taskElapsedQuery.json, if I put "@message.activityInstanceId": %{[@message][activityInstanceId]} } don't run the filter!! But if I put "@message.activityInstanceId": "ServiceTask_0x3lcq7:746360dc-e630-11ea-aa7c-02420a010002" } the filter runs as works good!! You know what is the error when is parsing?

------- EDIT
If I try with "@message.activityInstanceId.keyword": %{[@message][activityInstanceId]}, fail with tag [4] "_elasticsearch_lookup_failure"

[joaopalma5]

I believe this error is equal to #55