Netsted JSON field handling

Elastic Stack Kibana
1

I am using ELK 6.3.0 version
My JSON Structure is like below

{
Field1: Value1
"nestedField":[
                   {
                       "KeyName":"Key1"
                       "KeyValue":"Key1Value1"
                  },{
                       "KeyName":"Key2"
                       "KeyValue":"Key2Value2"
                  }]
}

when I am creating a Pie chart on "nestedField.KeyName", graph is including values in both KeyNames. for Example: in Pie chart for KeyName, graph is divided into two parts "Key1" and "Key2". when I further split it by "KeyValue", Key1value1 and Key2value2 are showing at both sides of Keys. Key1 portion showing Keyvalue: Key1Value1 and Key2Value2. same as Key1.

Kindly suggest.

2

Hi,

I am going to tag our viz team here: @timroes / @ppisljar

Thanks,
Bhavya

3

Hi,

this is related to the way Elasticsearch stores these documents. It will actually by default not have the link any more about the individual documents, i.e. your document will look like the following:

{
  "Field1": "Value1",
  "nestedField.KeyName": [ "Key1", "Key2" ],
  "nestedField.KeyValue": [ "Key1Value1", "Key2Value2" ]
}

That's why filtering by "nestedField.KeyName:Key1" will just retrieve that document, which again has both nested field key values present.

If you need that distinction between original documents you want to look into Nested datatypes. But please be aware, that those are currently not supported by Kibana nateively (#1084), but you could have a look at the Kibana Nested Support Plugin by the community.

Cheers,
Tim

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.