Using the Static Lookup field formatter (https://github.com/elastic/kibana/pull/19637)..
Is there a recommended way to populate the static lookup field programmatically, with a largeish table? I want to convert mlcategory values in my ML into something more human readable.
I've found where it's stored:
GET api/saved_objects/index-pattern/my-pattern \
| jq -r '.attributes.fieldFormatMap' | jq '.'
{
"myfield": {
"id": "static_lookup",
"params": {
"lookupEntries": [
{
"key": "k1",
"value": "key one"
},
{
"key": "k2",
"value": "key 2"
}
]
}
}
}
I'm guessing I can use the saved objects update api to create this field.
PUT api/saved_objects/index-pattern/my-pattern
{
"attributes": {
"fieldFormatMap": "{\"myfield\":{\"id\":\"static_lookup\",\"params\":{\"lookupEntries\":[{\"key\":\"k2\",\"value\":\"key 2\"},{\"key\":\"k2\",\"value\":\"key 2\"}]}}}"
}
}
I ended up using this monster one-liner to:
jq to convert those categories into a fieldFormatMap; andcurl -XPUT -H "Content-type: application/json" -H "kbn-xsrf: kibana" localhost:5601/api/saved_objects/index-pattern/672e6eb0-4eee-11e9-894c-f5374ebb52f8 -d "$(echo "{}" | jq --arg fieldmap "$(curl -H 'Content-type: application/json' -s -XGET localhost:9200/.ml-anomalies-custom-log-analysis-2/_search -d '{"version":true,"size":500,"query":{"bool":{"must":[{"exists":{"field":"category_id"}}]}}}' | jq -c '{ mlcategory: { id: "static_lookup", params: { lookupEntries: [( .hits.hits[]._source | { key: .category_id } + { value: ( (.category_id|tostring) + ": " + .examples[0] )})]}}}' )" '{ attributes: { fieldFormatMap: $fieldmap }}')"
I bow to your 1-liner skills! This looks great!
I thought you might like a couple of items as food for thought:
PUT to a POST and not provide an ID is the index pattern path
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.