Elasticsearch painless access dynamically named field

Jibin_Mathews · March 1, 2018, 10:04am

I am trying to average a field in elastic search,

"aggs": {
      "avg_timedifference": {
         "avg": {
            "script" : "doc['@timestamp'].value"
         }
      }

this works,

where the mapping is,

    {
            "_index" : "justchill",
            "_type" : "doc",
            "_id" : "cRP1bWEB6Z3gZHtPaXv1",
            "_score" : 1.0,
            "_source" : {

              "port" : 80,
              "bing.sss-ccc.tc.DOWNSTREAM_dropped.bong" : 33.0,
              "@timestamp" : "2018-02-07T01:50:55.000Z",
              "message" : "ccc.dna-ccc.tc.DOWNSTREAM_dropped.kkk 33 1517968255",
              "@version" : "1",
              "host" : "localhost"
            }
          },
          {
            "_index" : "justchill",
            "_type" : "doc",
            "_id" : "cRP1bWEB6Z3gZHtPaXv1",
            "_score" : 1.0,
            "_source" : {

              "port" : 80,
              "bong.sss-ccc.tc.DOWNSTREAM_dropped.bing" : 33.0,
              "@timestamp" : "2018-02-07T01:50:55.000Z",
              "message" : "ccc.dna-ccc.tc.DOWNSTREAM_dropped.kkk 33 1517968255",
              "@version" : "1",
              "host" : "localhost"
            }
          },

what i want to do is access the fields here temporarly named bing..bong and bong ..bing .The field is dynamically mapped , any way to access the same?

rjernst · March 1, 2018, 8:16pm

You need to know the full know of the field, there is no way to use a wildcard or anything like that. You could theoretically store this field name in another field using ingest, but that would require a second docvalues lookup at search time.

system · March 29, 2018, 8:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.