Eland: How to access and filter nested fields in a DataFrame?

Paddyns · December 22, 2021, 11:27am

Hi,

I'm trying to use the examples from the ELAND docs e.g. this filtering example from github

df[(df.Carrier=="Kibana Airlines") & (df.AvgTicketPrice > 900.0) & (df.Cancelled == True)].head()

But the fields I have all seem to have points in them like agent.hostname so the char '.' in the fields are giving me issues e.g.

df[(df.agent.hostname=="SERVER1")].head()
results in
AttributeError: 'DataFrame' object has no attribute 'agent'

Can I change the field names in the ELAND DataFrame without affecting them in ElasticStack or how could I deal with these unusual field names while not dumping all the data to a local Pandas Dataframe?

@sethmlarson call out

sethmlarson · December 24, 2021, 2:36pm

Hello! Looks like your fields may have dots in the names? (ie agent.hostname) Currently Eland doesn't support nested fields being accessed this way, could you open a feature request on GitHub for this?

Instead you should access your fields like so:

df[df["agent.hostname"] == "SERVER1"].head()

Hope this helps!

Paddyns · January 4, 2022, 12:10pm

Thank you @sethmlarson - this allowed me pull back the data. I'll submit a feature request on Github
Funny thing when I do use your query method it's shows as CAPITALs in the output while I must use lowercase in the query statement like below - this had me stuck for a while.

df[df["agent.hostname"] == "server1"].head()

system · February 1, 2022, 12:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.