Create mapping for nested json

secsubs · April 2, 2015, 4:46am

Hi,

Noob at ElasticSearch, I am trying to push some nested json to
Elasticsearch and have the nested objects parsed out as facets. If I use
dynamic mapping then elasticsearch does not seem to parse out the internal
objects. I guess I need to define a mapping for my index?

Example:

{
"Date": "2015-03-21T00:09:00",
"Activities": [
{
"ActivityName": "SSH",
"Fields": [
{
"User": [
{
"joe": 2,
"jane": 3,
"jack": 5
}
]
},
{
"DstIP": [
{
"HostA": 3,
"HostB": 5,
"HostC": 6
}
]
}
]
}
]
}

I tried to follow the mapping documentation but failed to come up with a mapping that represents the JSON above. I guess I am not sure how to map lists. If it helps, here's how I create the JSON in Scala using the Jackson library:

scala> nestedMap
res3: scala.collection.immutable.Map[String,Object] = Map(Date -> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields -> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP -> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))))))

scala> println(Serialization.write(nestedMap))
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}

Is there a way to get Jackson to spit out the schema that can be directly fed to elasticsearch as a mapping/template?

Thanks.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thierry_Templier_2 · April 2, 2015, 8:26am

Hi,

In fact, you don't need to explicitely specify that a field is a list or
not in the mapping. This is automatically supported by Elasticsearch. See
this link in the documentation for more details:
http://www.elastic.co/guide/en/elasticsearch/reference/1.x/mapping-array-type.html
.

Hope it will help you,
Thierry

2015-04-02 6:46 GMT+02:00 secsubs@gmail.com:

Hi,

Noob at Elasticsearch, I am trying to push some nested json to
Elasticsearch and have the nested objects parsed out as facets. If I use
dynamic mapping then elasticsearch does not seem to parse out the internal
objects. I guess I need to define a mapping for my index?

Example:

{
"Date": "2015-03-21T00:09:00",
"Activities": [
{
"ActivityName": "SSH",
"Fields": [
{
"User": [
{
"joe": 2,
"jane": 3,
"jack": 5
}
]
},
{
"DstIP": [
{
"HostA": 3,
"HostB": 5,
"HostC": 6
}
]
}
]
}
]
}

I tried to follow the mapping documentation but failed to come up with a mapping that represents the JSON above. I guess I am not sure how to map lists. If it helps, here's how I create the JSON in Scala using the Jackson library:

scala> nestedMap
res3: scala.collection.immutable.Map[String,Object] = Map(Date -> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields -> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP -> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))))))

scala> println(Serialization.write(nestedMap))
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}

Is there a way to get Jackson to spit out the schema that can be directly fed to elasticsearch as a mapping/template?

Thanks.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Best,
Thierry

Thierry Templier, Lead Architect
ttemplier@restlet.com

Restlet SAS, 6 rue Rose Dieng-Kuntz • 44300 Nantes • France

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAL73BC21Rx2PoMYNjksbHNinia5%2BAgrHQKTrqiCod6rjvU9Bww%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

secsubs · April 4, 2015, 5:59am

Thanks for the pointer, Thierry.

On Thursday, April 2, 2015 at 1:26:44 AM UTC-7, Thierry Templier wrote:

Hi,

In fact, you don't need to explicitely specify that a field is a list or
not in the mapping. This is automatically supported by Elasticsearch. See
this link in the documentation for more details:
http://www.elastic.co/guide/en/elasticsearch/reference/1.x/mapping-array-type.html
.

Hope it will help you,
Thierry

2015-04-02 6:46 GMT+02:00 <sec...@gmail.com <javascript:>>:

Hi,

Noob at Elasticsearch, I am trying to push some nested json to
Elasticsearch and have the nested objects parsed out as facets. If I use
dynamic mapping then elasticsearch does not seem to parse out the internal
objects. I guess I need to define a mapping for my index?

Example:

{
"Date": "2015-03-21T00:09:00",
"Activities": [
{
"ActivityName": "SSH",
"Fields": [
{
"User": [
{
"joe": 2,
"jane": 3,
"jack": 5
}
]
},
{
"DstIP": [
{
"HostA": 3,
"HostB": 5,
"HostC": 6
}
]
}
]
}
]
}

I tried to follow the mapping documentation but failed to come up with a mapping that represents the JSON above. I guess I am not sure how to map lists. If it helps, here's how I create the JSON in Scala using the Jackson library:

scala> nestedMap
res3: scala.collection.immutable.Map[String,Object] = Map(Date -> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields -> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP -> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))))))

scala> println(Serialization.write(nestedMap))
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}

Is there a way to get Jackson to spit out the schema that can be directly fed to elasticsearch as a mapping/template?

Thanks.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Best,
Thierry

Thierry Templier, Lead Architect
ttem...@restlet.com <javascript:>

Restlet SAS, 6 rue Rose Dieng-Kuntz • 44300 Nantes • France

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/84a5d565-f961-46af-9bc6-86fe48c899eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

secsubs · April 7, 2015, 2:40am

Still struggling with the correct mapping.

I have modified my JSON as:

{
"Date" : "2015-03-21T00:09:00",
"Activities" : [ {
"ActivityName" : "SSH",
"Fields" : [ {
"FieldName" : "User",
"valueCounts" : [ {
"valueName" : "joe",
"valueCount" : 2
}, {
"valueName" : "jack",
"valueCount" : 5
}, {
"valueName" : "jane",
"valueCount" : 10
} ]
}, {
"FieldName" : "DstIP",
"valueCounts" : [ {
"valueName" : "10.1.1.1",
"valueCount" : 2
}, {
"valueName" : "10.2.2.2",
"valueCount" : 5
}, {
"valueName" : "192.168.1.1",
"valueCount" : 10
} ]
} ]
} ]
}

And, I create a mapping as:
curl -XPUT localhost:9200/_template/metrics -d '{
"template" : "metrics",
"order": 2,
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"metric" : {
"properties" : {
"Date" : { "type" : "date"},
"Activities" : {
"properties" : {
"ActivityName": {"type" : "string"},
"Fields" : {
"properties" : {
"FieldName" : {"type":"string"},
"valueCounts" : {
"properties" : {
"valueName" : {"type" : "string"},
"valueCount" : {"type" : "integer"}
}
}
}
}
}
}
}
}

}
}'

curl -XPOST 'http://localhost:9200/metrics/metric' -d '
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"FieldName":"User","valueCounts":[{"valueName":"joe","valueCount":2},{"valueName":"jack","valueCount":5},{"valueName":"jane","valueCount":10}]},{"FieldName":"DstIP","valueCounts":[{"valueName":"10.1.1.1","valueCount":2},{"valueName":"10.2.2.2","valueCount":5},{"valueName":"192.168.1.1","valueCount":10}]}]}]}'

But none of the fields get parsed out

I have tried explicitly declaring nested types within the mapping but
doesn't change anything.

What am I doing wrong?

Thanks,

Tim

On Friday, April 3, 2015 at 10:59:31 PM UTC-7, sec...@gmail.com wrote:

Thanks for the pointer, Thierry.

On Thursday, April 2, 2015 at 1:26:44 AM UTC-7, Thierry Templier wrote:

Hi,

In fact, you don't need to explicitely specify that a field is a list or
not in the mapping. This is automatically supported by Elasticsearch. See
this link in the documentation for more details:
http://www.elastic.co/guide/en/elasticsearch/reference/1.x/mapping-array-type.html
.

Hope it will help you,
Thierry

2015-04-02 6:46 GMT+02:00 sec...@gmail.com:

Hi,

Noob at Elasticsearch, I am trying to push some nested json to
Elasticsearch and have the nested objects parsed out as facets. If I use
dynamic mapping then elasticsearch does not seem to parse out the internal
objects. I guess I need to define a mapping for my index?

Example:

{
"Date": "2015-03-21T00:09:00",
"Activities": [
{
"ActivityName": "SSH",
"Fields": [
{
"User": [
{
"joe": 2,
"jane": 3,
"jack": 5
}
]
},
{
"DstIP": [
{
"HostA": 3,
"HostB": 5,
"HostC": 6
}
]
}
]
}
]
}

I tried to follow the mapping documentation but failed to come up with a mapping that represents the JSON above. I guess I am not sure how to map lists. If it helps, here's how I create the JSON in Scala using the Jackson library:

scala> nestedMap
res3: scala.collection.immutable.Map[String,Object] = Map(Date -> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields -> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP -> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))))))

scala> println(Serialization.write(nestedMap))
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}

Is there a way to get Jackson to spit out the schema that can be directly fed to elasticsearch as a mapping/template?

Thanks.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Best,
Thierry

Thierry Templier, Lead Architect
ttem...@restlet.com

Restlet SAS, 6 rue Rose Dieng-Kuntz • 44300 Nantes • France

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/63c0fd6b-10e4-4b62-a2bf-7fd4f277957b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

secsubs · April 7, 2015, 4:42am

The culprit seems to be Kibana

I sort of forced ES to show it's hands by explicitly forcing analyzing and
storing all fields:

curl -XPUT localhost:9200/_template/metrics -d '{
"template" : "metrics",
"order": 2,
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"metric" : {
"properties" : {
"Activities" : {
"type" : "object",
"properties" : {
"ActivityName" : {"type" : "string", "index" :
"analyzed", "store" : true},
"ActivityFields" : {
"type" : "object",
"properties" : {
"FieldName" : {"type" : "string", "index" :
"analyzed", "store" : true},
"valueCounts" : {
"type" : "object",
"properties" : {
"valueName" : {"type" : "string",
"index" : "analyzed", "store" : true},
"valueCount" : {"type" : "integer",
"index" : "analyzed", "store" : true}
}
}
}
}
}
}
}
}
}

}'

The resulting JSON in Kibana shows all the extracted fields - only doesn't
show them as facets!! It discovers them but won't show them as
facets/aggregates. I can search for /Activities.ActivityName: "SSH"/ but no
faceting. Very frustrating. Is there a workaround?

On Wednesday, April 1, 2015 at 9:46:49 PM UTC-7, sec...@gmail.com wrote:

Hi,

Noob at Elasticsearch, I am trying to push some nested json to
Elasticsearch and have the nested objects parsed out as facets. If I use
dynamic mapping then elasticsearch does not seem to parse out the internal
objects. I guess I need to define a mapping for my index?

Example:

{
"Date": "2015-03-21T00:09:00",
"Activities": [
{
"ActivityName": "SSH",
"Fields": [
{
"User": [
{
"joe": 2,
"jane": 3,
"jack": 5
}
]
},
{
"DstIP": [
{
"HostA": 3,
"HostB": 5,
"HostC": 6
}
]
}
]
}
]
}

I tried to follow the mapping documentation but failed to come up with a mapping that represents the JSON above. I guess I am not sure how to map lists. If it helps, here's how I create the JSON in Scala using the Jackson library:

scala> nestedMap
res3: scala.collection.immutable.Map[String,Object] = Map(Date -> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields -> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP -> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))))))

scala> println(Serialization.write(nestedMap))
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}

Is there a way to get Jackson to spit out the schema that can be directly fed to elasticsearch as a mapping/template?

Thanks.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/772aba9c-c85c-4f62-b7fe-d0addd93adcb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Krishna_Raj · April 7, 2015, 7:32am

What version of ES are you trying on ? I faced this issue due to a bug in
lower versions. But I am successfully when i upgraded to the newer version.

Thanks,
Kr

On Mon, Apr 6, 2015 at 9:42 PM, secsubs@gmail.com wrote:

The culprit seems to be Kibana

I sort of forced ES to show it's hands by explicitly forcing analyzing and
storing all fields:

curl -XPUT localhost:9200/_template/metrics -d '{
"template" : "metrics",
"order": 2,
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"metric" : {
"properties" : {
"Activities" : {
"type" : "object",
"properties" : {
"ActivityName" : {"type" : "string", "index" :
"analyzed", "store" : true},
"ActivityFields" : {
"type" : "object",
"properties" : {
"FieldName" : {"type" : "string", "index" :
"analyzed", "store" : true},
"valueCounts" : {
"type" : "object",
"properties" : {
"valueName" : {"type" : "string",
"index" : "analyzed", "store" : true},
"valueCount" : {"type" : "integer",
"index" : "analyzed", "store" : true}
}
}
}
}
}
}
}
}
}

}'

The resulting JSON in Kibana shows all the extracted fields - only doesn't
show them as facets!! It discovers them but won't show them as
facets/aggregates. I can search for /Activities.ActivityName: "SSH"/ but no
faceting. Very frustrating. Is there a workaround?

On Wednesday, April 1, 2015 at 9:46:49 PM UTC-7, sec...@gmail.com wrote:

Hi,

Noob at Elasticsearch, I am trying to push some nested json to
Elasticsearch and have the nested objects parsed out as facets. If I use
dynamic mapping then elasticsearch does not seem to parse out the internal
objects. I guess I need to define a mapping for my index?

Example:

{
"Date": "2015-03-21T00:09:00",
"Activities": [
{
"ActivityName": "SSH",
"Fields": [
{
"User": [
{
"joe": 2,
"jane": 3,
"jack": 5
}
]
},
{
"DstIP": [
{
"HostA": 3,
"HostB": 5,
"HostC": 6
}
]
}
]
}
]
}

I tried to follow the mapping documentation but failed to come up with a mapping that represents the JSON above. I guess I am not sure how to map lists. If it helps, here's how I create the JSON in Scala using the Jackson library:

scala> nestedMap
res3: scala.collection.immutable.Map[String,Object] = Map(Date -> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields -> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP -> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))))))

scala> println(Serialization.write(nestedMap))
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}

Is there a way to get Jackson to spit out the schema that can be directly fed to elasticsearch as a mapping/template?

Thanks.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/772aba9c-c85c-4f62-b7fe-d0addd93adcb%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/772aba9c-c85c-4f62-b7fe-d0addd93adcb%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CANH4dajBzbe4A-YCjFSPtjYk2VM%2B7hQga-sZFYNkJ%2B6kNYYstQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

secsubs · April 8, 2015, 8:16pm

No bug in ES, it is a missing feature in Kibana.

github.com/elastic/kibana

Nested field support

opened 05:10PM - 21 Mar 14 UTC

Alex-Ikanow

release_note:enhancement high hanging fruit Feature:Aggregations loe:x-large Team:Visualizations impact:low Feature:New Field Type

This is sort of a duplicate of some other issues I searched for but I haven't se…en this particular aspect discussed, so I thought this was worth a separate issue. You read the _mapping field, so you should know when a particular field is nested, so can it not automatically apply the correct nested facet/query when such a field is selected in queries or facets? (Alternatively/in addition as suggested by #532, you could have a checkbox to allow users to select it themselves, perhaps as an interim measure) I'm sure there are some cases where this gets complicated, but there are also a bunch of cases where it's a straightforward changing of one block of JSON to another. Latest update: https://github.com/elastic/kibana/issues/1084#issuecomment-585178079

I am using ES 1.5.0-1 (rpm for RHEL).

On Tue, Apr 7, 2015 at 12:32 AM, Krishna Raj reach.krishnaraj@gmail.com
wrote:

What version of ES are you trying on ? I faced this issue due to a bug in
lower versions. But I am successfully when i upgraded to the newer version.

Thanks,
Kr

On Mon, Apr 6, 2015 at 9:42 PM, secsubs@gmail.com wrote:

The culprit seems to be Kibana

I sort of forced ES to show it's hands by explicitly forcing analyzing
and storing all fields:

curl -XPUT localhost:9200/_template/metrics -d '{
"template" : "metrics",
"order": 2,
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"metric" : {
"properties" : {
"Activities" : {
"type" : "object",
"properties" : {
"ActivityName" : {"type" : "string", "index" :
"analyzed", "store" : true},
"ActivityFields" : {
"type" : "object",
"properties" : {
"FieldName" : {"type" : "string", "index" :
"analyzed", "store" : true},
"valueCounts" : {
"type" : "object",
"properties" : {
"valueName" : {"type" : "string",
"index" : "analyzed", "store" : true},
"valueCount" : {"type" : "integer",
"index" : "analyzed", "store" : true}
}
}
}
}
}
}
}
}
}

}'

The resulting JSON in Kibana shows all the extracted fields - only
doesn't show them as facets!! It discovers them but won't show them as
facets/aggregates. I can search for /Activities.ActivityName: "SSH"/ but no
faceting. Very frustrating. Is there a workaround?

On Wednesday, April 1, 2015 at 9:46:49 PM UTC-7, sec...@gmail.com wrote:

Hi,

Noob at Elasticsearch, I am trying to push some nested json to
Elasticsearch and have the nested objects parsed out as facets. If I use
dynamic mapping then elasticsearch does not seem to parse out the internal
objects. I guess I need to define a mapping for my index?

Example:

{
"Date": "2015-03-21T00:09:00",
"Activities": [
{
"ActivityName": "SSH",
"Fields": [
{
"User": [
{
"joe": 2,
"jane": 3,
"jack": 5
}
]
},
{
"DstIP": [
{
"HostA": 3,
"HostB": 5,
"HostC": 6
}
]
}
]
}
]
}

I tried to follow the mapping documentation but failed to come up with a mapping that represents the JSON above. I guess I am not sure how to map lists. If it helps, here's how I create the JSON in Scala using the Jackson library:

scala> nestedMap
res3: scala.collection.immutable.Map[String,Object] = Map(Date -> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields -> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP -> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))))))

scala> println(Serialization.write(nestedMap))
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}

Is there a way to get Jackson to spit out the schema that can be directly fed to elasticsearch as a mapping/template?

Thanks.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/772aba9c-c85c-4f62-b7fe-d0addd93adcb%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/772aba9c-c85c-4f62-b7fe-d0addd93adcb%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/qUa6xUb3XMw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CANH4dajBzbe4A-YCjFSPtjYk2VM%2B7hQga-sZFYNkJ%2B6kNYYstQ%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CANH4dajBzbe4A-YCjFSPtjYk2VM%2B7hQga-sZFYNkJ%2B6kNYYstQ%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CADPi3fg38o8G5mDbZQjeOdgLLUmmJj6acJ8o%3Dgf0S2u_wa_Bvg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Create mapping for nested json

-- Best, Thierry

-- Best, Thierry

-- Best, Thierry

--
Best,
Thierry

--
Best,
Thierry

--
Best,
Thierry