Hello,
Let's say I have the results below in an array of 2:
"hits": {
"hits": [
{
"_index": "blah-2021.10.01-000003",
"_type": "_doc",
"_source": {
"log.message": "blah blah",
"log.syslog.severity.code": "1",
"log.syslog.priority.code": "129",
"log.syslog.appname": "MS_SI",
"log.hostname": "xxx",
"host.hostname": "yyy",
"process.pid": "5619",
"host.type": "xxx",
"log.syslog.tag": "MS_SI[5619]",
"log.syslog.facility.name": "local0",
"@timestamp": "2021-10-05T16:30:35.982Z",
"log.syslog.structured-data": "-",
"@version": "1",
"source.ip": "1.1.1.1",
"log.syslog.severity.name": "alert",
"log.code": "0X50000000",
"log.syslog.priority.name": "local0.alert",
"log.original": "blah blah 2",
"log.syslog.facility.code": "16",
"log.syslog.version": "1"
},
"_id": "fSC_VnwBcyUX2n9Drmuo",
"_score": 21.817675
},
{
"_index": "blah-2021.10.01-000003",
"_type": "_doc",
"_source": {
"log.message": "blah blah",
"log.syslog.severity.code": "1",
"log.syslog.priority.code": "129",
"log.syslog.appname": "MS_SI",
"log.hostname": "xxxx",
"host.hostname": "xxxx",
"process.pid": "5619",
"host.type": "xxx",
"log.syslog.tag": "MS_SI[5619]",
"log.syslog.facility.name": "local0",
"@timestamp": "2021-10-07T05:00:07.890Z",
"log.syslog.structured-data": "-",
"@version": "1",
"source.ip": "2.2.2.2",
"log.syslog.severity.name": "alert",
"log.code": "0X50000000",
"log.syslog.priority.name": "local0.alert",
"log.original": "blah blah 2",
"log.syslog.facility.code": "16",
"log.syslog.version": "1"
},
"_id": "EisfWXwBBYtMJzigfHlV",
"_score": 21.817675
}
]
}
I am able to extract the _source, but nothing under _source. For example, if I want this specific field: log.hostname, what would I need to do?
Example:
with
ctx.payload.hits.hits.0._source
I can get the first ID in the array
{log.message=blah blah, log.syslog.severity.code=1, log.syslog.priority.code=129, log.syslog.appname=MS_SI, log.hostname=xxx, host.hostname=yyy, process.pid=5619, host.type=xxx, log.syslog.tag=MS_SI[5619], log.syslog.facility.name=local0, @timestamp=2021-10-07T05:24:47.870Z, log.syslog.structured-data=-, @version=1, source.ip=1.1.1.1, log.syslog.severity.name=alert, log.code=0X50000000, log.syslog.priority.name=local0.alert, log.original=blah blah 2, log.syslog.facility.code=16, log.syslog.version=1}.
But this returns nothing:
ctx.payload.hits.hits.0._source.log.hostname
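Added example (not part of the original post or of Elastic's documentation). The map printout above shows the keys of `_source` are literal dotted strings such as `log.hostname`, not a nested `log` object with a `hostname` child, so the dot path `_source.log.hostname` looks for a map named `log` that does not exist and resolves to nothing. In Painless the literal key is reachable with bracket access. The transform below is assumed to sit in the watch under `"transform": {"script": {"source": ...}}`; the output key `hosts` and the field names `hostname`, `ip` and `severity` are names chosen for this example.

```painless
// Watcher transform script (Painless): reshape the search payload so that
// action templates can reference plain keys instead of dotted ones.
// Direct access to the field asked about, for a condition or a one-off check:
//   ctx.payload.hits.hits[0]._source['log.hostname']
// Note: ctx.payload.hits.hits[0]._source.log.hostname does NOT work here,
// because 'log.hostname' is a single map key containing a dot.
def hosts = [];
for (def hit : ctx.payload.hits.hits) {
  def src = hit._source;
  // Bracket access with the full dotted key string; keys that are absent
  // on a hit come back as null rather than throwing.
  hosts.add([
    'hostname': src['log.hostname'],
    'ip':       src['source.ip'],
    'severity': src['log.syslog.severity.name'],
    'at':       src['@timestamp']
  ]);
}
// The returned map becomes the new ctx.payload for the actions.
return ['hosts': hosts, 'total': hosts.size()];
```

After this transform, an action template can iterate the plain keys, for example `{{#ctx.payload.hosts}}{{hostname}} from {{ip}} ({{severity}}){{/ctx.payload.hosts}}`, which avoids the dotted-name problem entirely in the Mustache layer. If the index mapping were ever changed so that `log` becomes a real object with a `hostname` property, the printout would show a nested `{hostname=...}` map instead, and the plain dot path would then work.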