How to dynamically check whether array element in index is active or not?

Hi ELK team,
i have a index as follows:
{
"_index": "ats1-cloudstream-package",
"_type": "doc",
"_id": "D0pSBWIB1T60hu117tqT",
"_version": 1,
"_score": null,
"_source": {
"packageList": {
"packages": [
{
"name": "Default",
"enabled": "true",
"timestamp": "2018-03-08T12:15:41.784+0100"
},
{
"name": "MND_Common",
"enabled": "true",
"timestamp": "2018-03-08T12:15:41.784+0100"
},
{
"name": "MND_Common_JDBC",
"enabled": "true",
"timestamp": "2018-03-08T12:15:41.785+0100"
},
{
"name": "MonitoringFramework",
"enabled": "true",
"timestamp": "2018-03-08T12:15:41.785+0100"
},
{
"name": "NiqTest",
"enabled": "true",
"timestamp": "2018-03-08T12:15:41.785+0100"
},

....continues

so i need to build a watcher such that in future if any element is added to package list in the index, it should be able to check that also whether that package is enabled or Not!!

so i need dynamic watcher for this index??

any reference on this will be great Help!!

Thanks,
Naveena K N

cc / @spinscale

This is not so much a watcher question, but rather a question, if you are able to come up with a proper search query, that finds such documents.

As this is using arrays, you should first take a look at the nested mapping type and query of Elasticsearch and go from there. Also, if you only want to get those hits matched by a query, you should take a look at the inner_hits query.

Only if the query is actually returning your desired data, you can go from there and start writing a watch.

--Alex

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.