Return only the data inside hits [ ]

Elastic Stack Elasticsearch
1

Hi,

I have a query that returns the hits field nested inside key andaggregations.

I'm using curl to send the data to logstash for further processing and I would like to make my life a bit easier by only having to process whatever is in the hits field. However if I do something like /_search?q=elasticsearch&filter_path=took,hits.hits._id,hits.hits._score the return is always hits [ ].

My documents looks like this

  "aggregations" : {
    "location" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "8913514",
          "doc_count" : 6898,
          "latest_data" : {
            "hits" : {
              "total" : {
                "value" : 6898,
                "relation" : "eq"
              },
              "max_score" : null,
              "hits" : [
                {
                  "_index" : "test",
                  "_type" : "doc",
                  "_id" : "123",
                  "_score" : null,
                  "_source" : {
                    "@timestamp" : "2017-08-04T16:59:00.209Z",
                    "gps_location_geo" : "12345",
                    "location" : "somewhere"
                  },
                  "sort" : [
                    "somewhere"
                  ]
                }
              ]
            }
          }
        }
2

I think you'll need filter_path=took,hits.hits.*._id,hits.hits.*._score since hits.hits is an array of objects.

3

Unfortunately that does not work. It only returns took.

4

Can you share an example response without any filter_path so we can see what we're trying to filter?

5

Hi David,

The output looks like this:

{
  "took" : 10,
  "timed_out" : false,
  "_shards" : {
    "total" : 43,
    "successful" : 43,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 10000,
      "relation" : "gte"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "location" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "8913514",
          "doc_count" : 6898,
          "latest_data" : {
            "hits" : {
              "total" : {
                "value" : 6898,
                "relation" : "eq"
              },
              "max_score" : null,
              "hits" : [
                {
                  "_index" : "test",
                  "_type" : "doc",
                  "_id" : "123",
                  "_score" : null,
                  "_source" : {
                    "@timestamp" : "2017-08-04T16:59:00.209Z",
                    "gps_location_geo" : "12345",
                    "location" : "somewhere"
                  },
                  "sort" : [
                    "somewhere"
                  ]
                }
              ]
            }
          }
        }
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.