Field mapping [field with constant name] --> [field with a changing/dynamic name] --> [fields with constant names]

Hi.. I've run into a problem with Elasticsearch mapping.. I'm sure there is a way to deal with it.. but I can't figure it out.. or even the terminology to use to search for a solution.

I'm trying to import a JSON from shodan.io. I've got everything mapped other than a field called "vulns".

Within vulns are separate fields named by the vulnerability-year-id .. then subfields with standard names in there.

for example:

vulns.cve-2018-0732.references
vulns.cve-2018-0732.summary
vulns.cve-2018-0732.verified
vulns.cve-2018-1737.references
vulns.cve-2018-1737.summary
vulns.cve-2018-1737.verified

I need the cve-* names .. after that it can just be flattened to text.. but how do I map that with the name after "cve-" constantly changing? Is there a way to do a mapping to a name with a wildcard:
cve-* --> flattened?

Any help would be appreciated.

Take a look at the dynamic templates documentation.

I think it would be something like this, but I didn't test it.

"dynamic_templates" : [
    {
        "vulns_cve" : {
            "path_match" : "vulns.cve-*",
            "mapping" : {
                "type" : "flattened"
            }
        }
    }
]

This would map every field starting with cve-* nested under vulns as flattened, for example, vulns.cve-2018-0732.references would be mapped as flattened.
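An added example, not part of the posts above: a simplified Python model of how the suggested `path_match` resolves against Shodan-style banners, listing the mapping entries it would create. Each distinct CVE id becomes its own flattened field and counts toward `index.mapping.total_fields.limit`. The sample banners, the helper names and the wildcard-matching model are assumptions made for illustration.

```python
import re

# Index body built around the dynamic template suggested in the answer.
INDEX_BODY = {"mappings": {"dynamic_templates": [
    {"vulns_cve": {"path_match": "vulns.cve-*",
                   "mapping": {"type": "flattened"}}}]}}

TOTAL_FIELDS_LIMIT = 1000  # default of index.mapping.total_fields.limit

def glob_to_regex(pattern):
    # Assumed matching model: "*" matches any characters (dots included),
    # the rest of the pattern is literal and case-sensitive.
    return re.compile("^" + ".*".join(map(re.escape, pattern.split("*"))) + "$")

def templated_fields(doc, body=INDEX_BODY):
    """Map each full path a template would claim in `doc` to its type."""
    rules = [(glob_to_regex(t["path_match"]), t["mapping"]["type"])
             for entry in body["mappings"]["dynamic_templates"]
             for t in entry.values()]
    found = {}

    def walk(obj, prefix):
        for key, value in obj.items():
            path = prefix + key
            hit = next((typ for rx, typ in rules if rx.match(path)), None)
            if hit:
                found[path] = hit          # whole subtree becomes one field
            elif isinstance(value, dict):
                walk(value, path + ".")    # keep descending into objects

    walk(doc, "")
    return found

def distinct_templated_fields(banners):
    """Sorted mapping entries the template adds across a batch of banners."""
    return sorted({p for b in banners for p in templated_fields(b)})

def cve_entry():  # constructed placeholder content, not real Shodan data
    return {"references": ["https://example.com/advisory"],
            "summary": "constructed summary text", "verified": False}

# Constructed banners using the field names from the question.
SAMPLE_BANNERS = [
    {"ip_str": "192.0.2.10", "port": 443,
     "vulns": {"cve-2018-0732": cve_entry(), "cve-2018-1737": cve_entry()}},
    {"ip_str": "192.0.2.11", "port": 8443,
     "vulns": {"cve-2018-0732": cve_entry()}},
]

if __name__ == "__main__":
    fields = distinct_templated_fields(SAMPLE_BANNERS)
    print(fields, f"{len(fields)} of {TOTAL_FIELDS_LIMIT} fields used by CVE ids")
```

Running the same walk over a real export before indexing shows how many mapping entries the CVE ids alone would add.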

Thank you, I don't know why I was making that so hard. You saved me a ton of time.
