Hi.
I have some logs like this:
log1 {
someField: [ { name: 'A', occurrencies: 4}, {name: 'B', occurencies: 10}]
}
log2 {
someField: [ { name: 'A', occurrencies: 2}, {name: 'B', occurencies: 12} , name: 'C', occurencies: 3]
}
I want a table like this:
name ocurrencies
A 14
B 22
C 3
I can only get the sum of all ocurrencies (A 39 B 39 C 39)
Thanks in advance.
This is not possible in standard tables because arrays are not handled the way you expect in Elasticsearch, and because Kibana has a lot of limitations around the Nested type which would otherwise be a workaround.
If you can change the format of your data, your best option is to create a separate document for each entry in the array.
Hi, thanks for your answer @wylie .
I can change the format of the data, I'm not sure If I undestand you, then the best option will be something like this?
[{ newField: { name: 'A', ocurrencies: 10}, {newField: { name: 'B' ... etc
Not exactly. I was suggesting that you don't use arrays at all, and instead ingest a separate document for each entry in the array. If you happen to use Logstash, this is done using the split filter. Otherwise, it would be done by whatever method you normally ingest data.
Finally I created an object with a different property for each array element.
Thank you for your help @wylie!
Happy new year.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.