Fetch the array of "docker.container.id" (all the docker container ids) from the docker metrics

So, I am using metricbeat to fetch my docker related logs and metrics.
So, that output of the Elasticsearch query looks something like this :
{
...
..
"hits": [
{
"docker" : {
"container" : {
"id" : "b1234",
"name" : "sleepy_elion",
"image" : "node"
}
}
},
{
"docker" : {
"container" : {
"id" : "a3453",
"name" : "something_elion",
"image" : "node"
}
}
}
]
}


Now, what I want to know is:
Is there any "aggregation" or something else which can look into the "docker.container.id" of every "hit" in "hits" array and in the output create a field, say, "all_container_ids" which will have all the unique container ids, like a set of all the "docker.container.id"

So, it might look something like this in this situation

"all_container_ids" : [
"b1234",
"a3453"
]

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.