Hi
We have log in json format with nested json object.
I seems that "nested" field are shown in the field list in settings dunt not in the left bar under discover section. Look the image below, the warning message says Analysis is not available for object field..
I there a way to use discover on such fields?
Regards
Giuseppe
Hi Giuseppe,
What exactly are you trying to visualize or filter on? Something within the evento field? Kibana does not support nested objects like that.
There are a number of open requests, but refer to one of the most recent comments on this issue;
So you probably can't do any aggregations based on that nested data.
Regards,
Lee
Hi Giuseppe,
Let me make a correction. Can you go to your Settings tab, select your index pattern, and click the "refresh field list" and then look for you nested fields there? It helps to sort by name, and then look for evento, and something like evento.ip, etc.
Hi Lee I can see all "subfield" of event, and use them in aggregation.
But I can't see them in the left side of discover tab (where Fields are listed) (see screeshot above).
Giuseppe
Hi Giuseppe,
Kibana only shows the analyzed fields on the Discover tab because are most commonly used for filtering and the list might be too long otherwise. But you can still use the subfields in the query bar. You just have to know what they are from the Settings tab list of fields.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
