Hey,
we have different suppliers for data that is imported into Elastic. The suppliers use different field names, but some of them use the same type of data.
Example:
Supplier A:
    last_seen: 2020_02_03
    IP: 10.10.10.10
Supplier B:
    date: 2020_02_03
    ip_address: 192.168.0.1
We have one index for each supplier. To simplify the search and to achieve some harmonisation I created alias fields.
index A:
    date_alias_field => last_seen
    ip_alias_field => IP
index B:
    date_alias_field => ip_address
    ip_alias_field => ip_address
The search works very well:
GET /_search
{
  "query": {
    "query_string": {
      "query": "192.168.0.1",
      "default_field": "ip_alias_field"
    }
  }
}
Now I want to use the alias fields, in this case the field "date_alias_field", for further steps in our process. But these are not output at all (because they are not part of "_source"). Is there a solution to get them?
PS: we use "query_string" because we have multiple alias fields and use wildcards (*), e.g. "default_field": "ip_alias*"
Cheers
Andreas
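
Added example, not part of the original post: one client-side way to attach alias values to each hit, by reading the alias definitions (`"type": "alias"` with a `path`) out of the index mappings and looking the target field up in `_source`. The index names `index_a`/`index_b`, the mapping bodies and the hits are constructed sample data, and supplier B's date alias is assumed here to point at `date`.

```python
from fnmatch import fnmatchcase

def alias_paths(mapping_response):
    """Return {index: {alias: target_path}} from a GET /<index>/_mapping body.
    Only top-level alias fields are collected (assumption of this example)."""
    out = {}
    for index, body in mapping_response.items():
        props = body.get("mappings", {}).get("properties", {})
        out[index] = {name: spec["path"] for name, spec in props.items()
                      if spec.get("type") == "alias"}
    return out

def lookup(source, dotted_path):
    """Walk a dotted field path through _source; None if any part is missing."""
    node = source
    for part in dotted_path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def resolve_aliases(hit, aliases, pattern="*"):
    """Return {alias: value} for one hit, limited to aliases matching the wildcard."""
    per_index = aliases.get(hit["_index"], {})
    return {alias: lookup(hit["_source"], path)
            for alias, path in per_index.items() if fnmatchcase(alias, pattern)}

# Constructed mappings, shaped like a GET _mapping response.
MAPPINGS = {
    "index_a": {"mappings": {"properties": {
        "last_seen": {"type": "keyword"}, "IP": {"type": "ip"},
        "date_alias_field": {"type": "alias", "path": "last_seen"},
        "ip_alias_field": {"type": "alias", "path": "IP"}}}},
    "index_b": {"mappings": {"properties": {
        "date": {"type": "keyword"}, "ip_address": {"type": "ip"},
        "date_alias_field": {"type": "alias", "path": "date"},
        "ip_alias_field": {"type": "alias", "path": "ip_address"}}}},
}
# Constructed hits, shaped like entries of hits.hits in a search response.
HITS = [
    {"_index": "index_a", "_source": {"last_seen": "2020_02_03", "IP": "10.10.10.10"}},
    {"_index": "index_b", "_source": {"date": "2020_02_03", "ip_address": "192.168.0.1"}},
]

if __name__ == "__main__":
    aliases = alias_paths(MAPPINGS)
    for hit in HITS:
        print(hit["_index"], resolve_aliases(hit, aliases, "date_alias*"))
```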