Hi all,
I'm having trouble building out a suitable mapping structure that will appropriately accommodate nested objects.
ES and Kibana are both the latest versions.
Here's a truncated example (I've trimmed the two nested blocks down to reasonable sizes):
{
"id":12345,
"label":"A string of text",
"published_by":"some user id",
"is_published":"boolean",
"last_published":"2018-06-14",
"first_published":"2018-06-14",
"brand":"A keyword",
"language":"ISO country code",
"sender_ips":[
{
"ip":"1.2.3.4",
"country":"England",
"city":"London"
},
{
"ip":"1.2.1.2",
"country":"Germany",
"city":"Ravensburg"
},
{
"ip":"1.2.3.1",
"country":"United States",
"city":"West Lafayette"
}
],
"block_data":[
{
"data":"A Keyword",
"impact":"A Keyword",
"family":"A Keyword",
"phenotype":"A keyword"
},
{
"data":"A Keyword",
"impact":"A Keyword",
"family":"A Keyword",
"phenotype":"A keyword"
},
{
"data":"A Keyword",
"impact":"A Keyword",
"family":"A Keyword",
"phenotype":"A keyword"
}
],
"m_ids":[
111111111,
222222222,
333333333
]
}
The mappings I'm currently using:
{
"mappings": {
"_doc": {
"properties": {
"id": {"type": "keyword"},
"label": {"type": "text"},
"published_by": {"type": "keyword"},
"is_published": {"type": "boolean"},
"first_published": {"type": "date"},
"last_published": {"type": "date"},
"brand": {"type": "keyword"},
"language": {"type": "keyword"},
"block_data": {
"type": "nested",
"properties": {
"data": {"type": "keyword"},
"impact": {"type": "keyword"},
"family": {"type": "keyword"},
"phenotype": {"type": "keyword"}
}
},
"sender_ips": {
"type": "nested",
"properties": {
"ip": {"type": "ip"},
"country": {"type": "keyword"},
"city": {"type": "keyword"}
}
},
"m_id": {"type": "text"}
}
}
}
}
The challenge I have, is that the sender_ips fields do not populate (the block_data fields seem to work fine).
Kibana explicitly warns that nested objects are not well supported:
Am I approaching this incorrectly? Is there a better way to think about storing these types of objects?
Cheers, for any help!