I'm trying to use Painless to do a transform for a Slack alert message. I believe I've followed the standard for using Painless to be able to persist the field that have a dot in them. However, those fields always show up as null. I'm not sure what I'm doing wrong. Any help would be appreciated.
Here is the request:
Hey there jayson,
In your transform, instead of referring to the fields like data._source['host.hostname'], try referring to the fields like data._source.host.hostname
Does that still give null values?
That did work. Thank you. I read in another post that Painless needed the brackets around the fields that had "." in the field name. I removed those and it worked great.
Some info below for others to reference and understand better in the future.
['host']['hostname'] traverses the host object and accesses the hostname key
['host.hostname'] accesses the key "host.hostname" which doesn’t exist
Excellent! Great to hear that worked for ya 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.