ELK query display data from list

Dear Team,

I'm new to the ELK Stack. I have installed Elasticsearch 7.2.0, Logstash 7.2.0 and Kibana 7.2.0, and tried writing a query.

My question:
How do I write a query to show all pop_abc which have pop_abc > 10 from index 1?

My data:

     "_source": {
        "data_receiver": "2019-06-27T11:27:54+02:00",
        "pop": {
          "pop_abc": {
            "abc": [
              13,
              11995 <- index 1
            ],
            "def": [
              86,
              2596
            ]
          }
        },
        "name": "myname",
        "name_client": "myname_client"
      },
      "fields": {
        "data_receiver": [
          "2019-06-27T09:27:54.000Z"
        ]
      }
    }

Mapping

  "_source": {
        "data_receiver": "2019-06-27T11:27:54+02:00",
         "pop": {
           "pop_abc": {
             "abc": [
               13,
               11995
             ],
             "def": [
               86,
               2596
             ]
           }
         },
         "name": "myname",
         "name_client": "myname_client"
       },
       "fields": {
         "data_receiver": [
           "2019-06-27T09:27:54.000Z"
         ]
      }
     }

Thank you.

Hi @Kamil_Szczur, welcome to the community, and sorry for the late reply.
I think there is a mistake in your post: you have posted the data model twice and not the mappings.

I also have a second question: do you need to build a visualization with that query, or do you just want to see a DSL query that allows you to query in that way?

Third question: I'm not sure what you mean by index 1. Do you want to query that index to count/show all documents that have at least one value inside the pop_abc.abc array > 10? Or any value inside every array of pop_abc?
