Can't work with object's properties for aggregations

Elastic Stack Kibana
1

Hello everyone,
I'm trying to work with a property containing an array of objects in my index. You can find the index's mapping behind.

This is my index mapping.

PUT test-index
{
  "mappings": {
    "properties": {
      "eventid": { "type": "text" },
      "eventdates": { "type": "date" },
      "machineid": {
        "type": "text",
        "fields": {
          "keyword": {
            "ignore_above": 256.0,
            "type": "keyword"
          }
        }
      },
      "products": {
        "properties": {
          "product": {
            "type": "text",
            "fields": {
              "keyword": {
                "ignore_above": 256.0,
                "type": "keyword"
              }
            }
          },
          "version": {
            "type": "text",
            "fields": {
              "keyword": {
                "ignore_above": 256.0,
                "type": "keyword"
              }
            }
          }
        }
      }
    }
  }
}

There is sample data of that index :

POST test-index/_doc 
{
  "eventid":"6025d4fa-35c4-477e-a063-924b867d8b0d",
  "eventdates":"2021-09-27T12:43:00.0331798+00:00",
  "machineid":"12",
  "products":{
    "Product1":"1.2.5.12",
    "Product2": "2.12.2.5",
    "Product3": "1.0.0.2"
  }
}

POST test-index/_doc 
{
  "eventid":"8825d4fa-35c4-477e-a063-924b867d8b0d",
  "eventdates":"2021-09-27T12:43:00.0331798+00:00",
  "machineid":"15",
  "products":{
    "Product2":"1.2.4.12",
    "Product3": "2.15.2.5",
    "Product4": "1.1.0.2"
  }
}

image

My goal is to create data table in Kibana like this picture.
I triyed to configure the property with differents types (nested, flattened, object) but cannot made it work.
If someone can help me for this, it will be very very helpful !
Thank you ! :grinning_face_with_smiling_eyes:

2

Hi @Thomas_DRABO,

The way your index is currently mapped, it is looking for an exact match to the product field and since your field names are Product1, Product2, ProductN, it is likely not mapping those fields. Can you try using dynamic templates in order to perform a prefix match on the field name?

Thanks,

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.