Documents with key-value tags and how to (regexp) search them

Elastic Stack Elasticsearch
1

Hi all,
I have documents that have an id and a set of tags (key/value pairs, the
keys being unique).
Example:

Id "servers.dfvimeodfs1.diskspace._srv_node_dfs12.byte_used"
Tags: {

  • what:bytes
  • plugin:diskspace
  • target_type:gauge
  • server:dfvimeodfs1
  • mountpoint:_srv_node_dfs12
  • type:used

}

I want to be able to retrieve all documents that match all given
conditions, where
"condition" can be any of the following:

  • substring match on ID
  • regexp match on ID
  • a tag search where the tag key and tag value must match given strings
  • a tag search where the tag key and tag value match substrings
  • a tag search where the tag key and tag value are matched using regexp
    (note for the last 3 conditions: it's not sufficient that the document has
    a matching tag and a matching value, the tag key and value must correspond
    (i.e. there must be a key-value pair for which the key and val match)

I did some research and I think I can just use the id as the id in
elasticsearch, but storing the tags is a little trickier.
my first idea (somewhat simplistic) was to just store each key/value-pair
as an attribute in the json, but
It seems like regexp (and term queries in general) don't support queries on
the keys, only on the values.
so maybe i should store each key-vale pair as something like
{
"key": ,
"val":
}
?

  1. is this overkill or the way to go? am I correct that I can't search on
    keys /attribute names?
  2. seeing as I only need equality checks, substrings and regexps, I think I
    can disable all tokenizing/analyzing?
  3. any advice on how to structure my documents and/or on configuring the
    mapping would be very welcome
  4. is there an elegant way to express the above conditions as a single
    string and use
    http://www.elasticsearch.org/guide/reference/query-dsl/query-string-query/
    to work with user input directly?
    right now my app* accepts "queries" like (the AND of) "match_id_on_this
    tag_key_equals_this=tag_val_equals_this
    tag_key_regex_match:tag_val_regex_match" and the app parses the input
    string and generates a query but if I could feed in user input directly,
    that would be pretty cool. i'm just not sure if what i want is possible
    with this feature..

[*] https://github.com/vimeo/graph-explorer#query-parsing-and-execution

thanks!
Dieter

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.