Aggregations response in logstash Elastic search filter


(Uday Singh Ghadage) #1

Hi,
Can you please let me know how my Logstash elasticsearch filter plugin configuration should look?

My query in Query.JSON:

{
"size": 0,
"_source": {
"excludes": []
},
"aggs": {
"2": {
"filters": {
"filters": {
"JobId:96": {
"query_string": {
"query": "tags:Jobs AND JobId:96",
"analyze_wildcard": true,
"default_field": "*"
}
}
}
},
"aggs": {
"StatusTopHits": {
"top_hits": {
"docvalue_fields": [
"Status.keyword"
],
"_source": "Status",
"size": 1,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
}
}
}

In Logstash I have the following configuration:
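elasticsearch {
  # Plain connection to a local node with no credentials configured here.
  # If the cluster has security enabled, the plugin's user/password and TLS
  # settings are needed as well; keep secrets out of the committed pipeline file.
  hosts => ["localhost:9200"]
  index => "logstash_jobs_*"
  # File holding the query DSL (the Query.JSON shown above).
  query_template => "\config\Query.JSON"
  # Even if I don't add this line, it's the same issue.
  # (Logstash comments start with '#'; a trailing '//' note is not valid config syntax.)
  # NOTE(review): aggregation_fields appears to match names at the top level of the
  # response's "aggregations" object. In the Kibana response the top-level name is "2";
  # "StatusTopHits" sits under buckets -> "JobId:96", so this key would not be found.
  # Confirm against the plugin documentation.
  aggregation_fields => { "StatusTopHits" => "LastStatus" }
  # NOTE(review): fields copies values from the returned hits, but the query sets
  # "size": 0, so hits.hits is empty and there is nothing to copy from. Both settings
  # also write to the same target field, LastStatus.
  fields => { "Status" => "LastStatus" }
}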
I am getting a null value in the LastStatus field.

If I execute the query in Kibana, I get the response below with Status 'Completed'. I want to read the Status value. Why am I getting a nil value from the Logstash elasticsearch filter?

{
"took": 8,
"timed_out": false,
"_shards": {
"total": 270,
"successful": 270,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 224557,
"max_score": 0,
"hits": []
},
"aggregations": {
"2": {
"buckets": {
"JobId:96": {
"doc_count": 18,
"StatusTopHits": {
"hits": {
"total": 18,
"max_score": null,
"hits": [
{
"_index": "logstash_jobs_in-2018.05.30",
"_type": "doc",
"id": "kwVEsGMBbXg210lQERu",
"_score": null,
"_source": {
"Status": "Completed"
},
"fields": {
"Status.keyword": [
"Completed"
]
},
"sort": [
1527664228390
]
}
]
}
}
}
}
}
}
}

