Is it possible to create a single document with an array of objects?

Elastic Stack Logstash
1

I'm creating a query to feed my index that has a field in common and I wanted to include all values ​​with the same field in a single document.

Example SQL DATA:
ID NAME CODE ACTIVE QTD PROD
181304447641860 VALUE1 43111 0 2 JUICE
181304447641860 VALUE2 43111 0 2 POTATO
000000007641860 VALUE3 43111 0 2 GRAPE
000000007641860 VALUE4 43111 0 2 APPLE

I'm trying to do this:
</>[{
"_id": "181304447641860",
"_score": 1,
"_source": [
[
{
"NAME": "VALUE1",
"CODE": 43111,
"ACTIVE": 0,
"QTD": 2,
"PROD": "JUICE"
},
{
"NAME": "VALUE2",
"CODE": 43111,
"ACTIVE": 0,
"QTD": 2,
"PROD": "POTATO"
}
]
]
},
{
"_id": "000000007641860",
"_score": 1,
"_source": [
[
{
"NAME": "VALUE3",
"CODE": 43111,
"ACTIVE": 0,
"QTD": 2,
"PROD": "GRAPE"
},
{
"NAME": "VALUE4",
"CODE": 43111,
"ACTIVE": 0,
"QTD": 2,
"PROD": "APPLE"
}
]
]
}]</>

I tried to use HashMap() to create the array of objects, but the values ​​weren't being included. Any documentation or example suggestions I can use?

2

Hi @Wellington_Bezerra ,
If i understand you correctly you are getting multiple separated events from SQL DB and you want to merge events with the same id under the same document in Elasticsearch.
In order to do so you should include document_id in elasticsearch output in logstash as well as including a script that should run when document should be updated.
hereby is an example of such output:

elasticsearch {
        hosts => ["yourhost:9200"]
        cacert => "path to cacert if required"
        index => "<your index name>"
        doc_as_upsert => "true"
        action => "update"
        script_type => "indexed"
        script_lang => ""
        script => "<script name on elasticsearch>"
        document_id => "%{[ID]}"
        user => "user"
        password => "pass"
    }
  • notice that action is update and doc_as_upsert is set to true indicating that if ID does not exist on Elasticsearch index it should be created (without the script).
  • you should create stored script as indicated here: Create or update stored script API | Elasticsearch Guide [8.3] | Elastic and use script_type: indexed, script_lang: "" and script with script name to refer every update action to the relevant logic.
  • In your script you can refer the indexed data on Elasticsearch using ctx._source and the new event from logstash as params.event.get('any field name from event')
  • source data can't be an array as you posted and must be an object. assuimg you are going to call the array records - you should manipulate each record in Logstash to look like the following:
{
  "records": [
    {
         "NAME": "<name value>",
         "CODE": <code value>,
          "ACTIVE": <active value>,
          "QTD": <qtd>,
         "PROD": "<prod name>"
    }
  ],
  "ID": <the record id>
}

  • then in your script you can do something like:
    ctx.source.records.addAll(params.event.get('records'));

  • Also i would suggest to index records as type nested for more appropriate quering capabilities.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.