Hi, I'm querying Elastic with Logstash, using the exec input and a bash script with curl.
This is the response:
"aggregations" : {
  "parent-agg" : {
    "buckets" : [
      {
        "key" : "one",
        "sub-aggs-two" : {
          "buckets" : [
            {
              "key" : "A-one",
            },
            {
              "key" : "B-one",
            }
          ]
        }
      },
      {
        "key" : "two",
        "sub-aggs-two" : {
          "buckets" : [
            {
              "key" : "A-two",
            },
            {
              "key" : "B-two",
            }
          ]
        }
      }
    ]
  }
}
I know that I can get the parent-agg key value (one and two) with this filter:
split {
  field => "[aggregations][parent-agg][buckets]"
}
mutate {
  add_field => {
    "my_parent_field" => "%{[aggregations][parent-agg][buckets][key]}"
  }
}
So I get two documents:
{ "my_parent_field" : "one" }
{ "my_parent_field" : "two" }
But I need to create these documents:
{ "my_parent_field" : "one", "my_child_field" : "A-one"},
{ "my_parent_field" : "one", "my_child_field" : "B-one"},
{ "my_parent_field" : "two", "my_child_field" : "A-two"},
{ "my_parent_field" : "two", "my_child_field" : "B-two"},
How can I do this?
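
One way to get one event per parent/child pair is to chain a second split on the nested buckets array. This is an added example, not part of the original post; it assumes the curl response has already been parsed into event fields with the structure shown above, and the final cleanup step is optional.

```logstash
filter {
  # First split: one event per parent bucket. After this filter,
  # [aggregations][parent-agg][buckets] is a single object, not an array.
  split {
    field => "[aggregations][parent-agg][buckets]"
  }

  # Second split: one event per child bucket inside the current parent.
  # The parent bucket's "key" is carried along on every resulting event.
  split {
    field => "[aggregations][parent-agg][buckets][sub-aggs-two][buckets]"
  }

  # Both levels are now single objects, so their keys can be referenced directly.
  mutate {
    add_field => {
      "my_parent_field" => "%{[aggregations][parent-agg][buckets][key]}"
      "my_child_field"  => "%{[aggregations][parent-agg][buckets][sub-aggs-two][buckets][key]}"
    }
  }

  # Optional: drop the raw aggregation tree once the flat fields exist.
  mutate {
    remove_field => [ "aggregations" ]
  }
}
```

With the response shown above, the two parent buckets each expand into two child events, giving the four documents listed in the question.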