Hi,
I'm using curl to query Elasticsearch. The response is JSON and looks like the example below, but I can't figure out which field to split on to create a separate document for each person.
I tried the json filter and splitting on various fields such as persons or key. I also tried the json codec in the input and then a split filter, but no matter what I do I don't get the desired result.
Where am I going wrong?
{
"took": 12,
"timed_out": false,
"_shards": {
"total": 43,
"successful": 43,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 10000,
"relation": "gte"
},
"max_score": null,
"hits": [
]
},
"aggregations": {
"persons": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "8913514",
"doc_count": 6899,
"latest_data": {
"hits": {
"total": {
"value": 6899,
"relation": "eq"
},
"max_score": null,
"hits": [
{
"_index": "index",
"_type": "doc",
"_id": "f0zg6GoBvaTlju420DQW",
"_score": null,
"_source": {
"@timestamp": "2019-05-24T07:59:00.290Z",
"type": "basic",
"name": "person C"
},
"sort": [
1558684740290
]
}
]
}
}
},
{
"key": "9443827",
"doc_count": 6810,
"latest_data": {
"hits": {
"total": {
"value": 6810,
"relation": "eq"
},
"max_score": null,
"hits": [
{
"_index": "index",
"_type": "doc",
"_id": "L0vf6GoBvaTlju42Bf8f",
"_score": null,
"_source": {
"@timestamp": "2019-05-24T07:59:00.178Z",
"type": "basic",
"name": "person A"
},
"sort": [
1558684740178
]
}
]
}
}
},
{
"key": "9174490",
"doc_count": 23,
"latest_data": {
"hits": {
"total": {
"value": 23,
"relation": "eq"
},
"max_score": null,
"hits": [
{
"_index": "index",
"_type": "doc",
"_id": "vUve6GoBvaTlju42JNko",
"_score": null,
"_source": {
"@timestamp": "2019-05-24T07:59:00.232Z",
"type": "basic",
"name": "person B"
},
"sort": [
1558684740232
]
}
]
}
}
}
]
}
}
}