Change the return order

f26227279 · October 23, 2017, 7:46am

this is one of return data:
{
"_index": "ntopng-2017.10.22",
"_type": "ntopng",
"_id": "AV9Ef4XlWkHrd_Wf01w6",
"_score": 3,
"_source": {
"L7_PROTO_NAME": "SSL",
"L4_DST_PORT": 443,
"IPV4_SRC_ADDR": "120.127.163.189",
"IN_PKTS": 17,
"IN_BYTES": 1254,
"LAST_SWITCHED": 1508682662,
"OUT_PKTS": 14,
"IPV4_DST_ADDR": "203.104.153.1",
"OUT_BYTES": 4295,
"FIRST_SWITCHED": 1508682661
}
could I change its order (such as ASII)
like this
{
"_index": "ntopng-2017.10.22",
"_type": "ntopng",
"_id": "AV9Ef4XlWkHrd_Wf01w6",
"_score": 3,
"_source": {
"L7_PROTO_NAME": "SSL",
"L4_DST_PORT": 443,
"IPV4_DST_ADDR": "203.104.153.1",
"IPV4_SRC_ADDR": "120.127.163.189",
"IN_PKTS": 17,
"IN_BYTES": 1254,
"OUT_PKTS": 14,
"OUT_BYTES": 4295,
"FIRST_SWITCHED": 1508682661,
"LAST_SWITCHED": 1508682662

}

spinscale · October 23, 2017, 8:51am

the order of the source is based on how it is indexed, elasticsearch does not modify it (unless you use pipelines).

system · November 20, 2017, 8:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.