Accessing non document fields ElasticSearch Filter

Elastic Stack Logstash
1

In converting some custom ruby code to run as a logstash pipeline, I added an elasticsearch filter pipeline, I'm able to do the query but am unable to access the sort field from the elasticsearch result.

The Filter:

	elasticsearch {
		hosts => ["http://elasticsearch:9200"]
		index => "location"
		query_template => "query.json"
		fields => {
			"country_name" => "[geodata][country]"
			"country_code" => "[geodata][country_code]"
			"region_name" => "[geodata][region]"
			"admin1_code" => "[geodata][region_code]"
			"name" => "[geodata][city]"
			"population" => "[geodata][population]"
			"[sort][0]" => "[geodata][distance_km]"
		}
	}

The query:

{
	"size" : 1,
	"query" : { "bool" : { "filter" : [ 
				{ "term" : { "feature_class" : "P" } },
				{ "range" : { "population" : { "gt" : 0 } } },
				{ "geo_distance" : { 
						"distance" : "1000km",
						"location" : {
							"lat" : "%{[location][1]}",
							"lon" : "%{[location][0]}"
						}
					}
				}
			]
		}
	},
	"sort" : [
		{ 
			"_geo_distance" : {
				"location" : { 
					"lat" : "%{[location][1]}",
					"lon" : "%{[location][0]}"
				}, 
				"unit" : "km"
			}
		}
	]
}

The result for an example:

{
  "took" : 9,
  "timed_out" : false,
  "_shards" : {
    "total" : 3,
    "successful" : 3,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 293,
    "max_score" : null,
    "hits" : [
      {
        "_index" : "geonames-2018-11-25_reindex",
        "_type" : "_doc",
        "_id" : "af-0TGcB_qrwk1wisyv6",
        "_score" : null,
        "_source" : {
          "geonameid" : "5859888",
          "name" : "Cordova",
          "asciiname" : "Cordova",
          "alternatenames" : [
            "CDV",
            "Kordova",
            "ke er duo wa",
            "kodoba",
            "kordobha",
            "kwrdwfa",
            "kwrdwwa  alaska",
            "Кордова",
            "كوردوفا",
            "کوردووا، آلاسکا",
            "कोर्दोभा",
            "コードバ",
            "科尔多瓦"
          ],
          "latitude" : 60.5432,
          "longitude" : -145.75867,
          "feature_class" : "P",
          "feature_code" : "PPL",
          "country_code" : "US",
          "cc2" : [ ],
          "admin1_code" : "AK",
          "admin2_code" : "261",
          "population" : 2196,
          "elevation" : 29,
          "dem" : -9999,
          "timezone" : "America/Anchorage",
          "modification_date" : "2017-06-12",
          "location" : [
            -145.75867,
            60.5432
          ],
          "feature_name" : "populated place",
          "region_name" : "Alaska",
          "admin2" : "Valdez-Cordova Census Area",
          "country_name" : "United States"
        },
        "sort" : [
          202.01066621324418
        ]
      }
    ]
  }
}

I'm attempting to add the "sort" value to the resultant document and not sure of the exact syntax.

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.