Can I filter an array in elastic?

Elastic Stack Elasticsearch
1

is there a way to filter an array in elastic ?
I have inserted the following data into elastic

"_source":{
"FileName": "fileName.log"
"logData": [
                        {
                            "LineNumber": 1,
                            "Data": "data1"
                        },
                        {
                            "LineNumber": 2,
                            "Data": "Data2"
                        },
                        {
                            "LineNumber": 3,
                            "Data": "Data3"
                        },
                        {
                            "LineNumber": 4,
                            "Data": "Data4"
                        },
                        {
                            "LineNumber": 5,
                            "Data": "Data5"
                        },
                        {
                            "LineNumber": 6,
                            "Data": "Data6"
                        }
]}

is there a way to query such that I get the following response ?

"_source":{
"FileName": "fileName.log"
"logData": [
                        {
                            "LineNumber": 1,
                            "Data": "data1"
                        },
                        {
                            "LineNumber": 2,
                            "Data": "Data2"
                        },
                        {
                            "LineNumber": 3,
                            "Data": "Data3"
                        }
]
}
2

Using bool's Should or Must allow you to use match multiple time

An example here by @ reswob

Hope this help to answer your questions.

3

yes but it returns me the whole object.
The Logdata object is a list of objects, Can I not fetch just few elements from the list?
all my _search queries work fine, just that it returns the whole object with a 100 lines for LogData instead of just the ones that matched the criteria,

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.