Getting Nested Fields Elasticsearch Filter

kahndor · February 2, 2018, 12:18pm

I using the logstash-elasticsearch-filter to correlate events from Elasticsearch. Some of the fields that I need to return from the Elasticsearch hit are nested. I have been unable to retrieve these docs and the result is always null.

I am using Logstash 5.6.5 and ES 5.6.5.

Here is my configuration:

       "fields" => {            
           "field.otherField.anotherField" => "p_time_gmt"
       }

I have also tried:

[field][otherField][anotherField]
[field][otherField][0][anotherField]

Without luck.

The json response from ES looks like:

field": {
        "otherField": [
              {
                "anthorField": "someText"
              }
       ]
}

kahndor · February 4, 2018, 3:48pm

I was able to solve the problem using a workaround. I extracted the top level key and then parsed it with a mutate filter. I think this is a bug and would be a useful feature.

system · March 4, 2018, 3:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Logstash] Aggregate Filter Plugin with Nested Fields Logstash	1	341	March 8, 2021
Logstash Extract Elasticsearch Nested Fields Logstash	29	1798	July 14, 2021
Logstash elasticsearch filter, query with nested field Logstash	2	708	August 2, 2019
Logstash : How to extract a nested field from Json log and only index the content of the nested field Logstash	6	1752	November 24, 2022
Work with nested fields in logstash elasticsearch filter Logstash	2	392	November 1, 2021

Getting Nested Fields Elasticsearch Filter

Related topics