Hi:
I have a mapping similar to this :
{
"type1" : {
"properties" : {
"field1": {
"type": "nested",
"nested_field1": {
"type": "string"
},
"nested_field2": {
"type": "nested",
"properties": {
"sub_nested_field1" : {
"type" : "string"
}
}
}
}
}
}
}
I want to flatten out the document so that the mapping looks like so :
{
"type1" : {
"properties" : {
"field1": {
"type": "nested",
"nested_field1": {
"type": "string"
},
"sub_nested_field1" : {
"type" : "string"
}
}
}
}
}
I am using logstash to copy the data from one ES index to another. However, I have not been very successful at translating the required mapping.
input {
elasticsearch {
hosts => ["localhost"]
port => "9200"
index => "index1"
scroll => "5m"
docinfo => true
}
}
filter {
mutate {
rename => {"field1" => "field1_old"}
add_field => {
"[field1_old][sub_nested_field1]" => "[entities_old][nested_field2][sub_nested_field1]"
}
remove_field => ["@timestamp","@version","[field1_old][nested_field2]"]
}
}
output {
elasticsearch {
host => "localhost"
port => 9300
protocol => "transport"
index => "index2"
document_type => "type1"
document_id => "%{[@metadata][_id]}"
}
stdout {
codec => "dots"
}
}
However I am having difficulty with this mapping. its not giving me he result I am expecting.. any help is much appreciated.
