Saved Search display specific nested field as a column

theflyingcarpet · August 16, 2019, 11:15am

The current behaviour when displaying a nested field is to display the complete sub-document as the column e.g. {"field1": "value1", "field2": "value2"}

How can we flatten this to display the fields as separate columns? I'm thinking that we'd just use the dot notation to target the field e.g. sub-document.field1 would just display the content of field1 cleanly.

I tried editing the saved object where the list of columns are, to add a column with the dot notation and tantalisingly, it returned the column name but didn't populate the values. Is this something that will work with the correct syntax?

BTW, if the answer is that Kibana doesn't support nested fields, how can we add this as a request to be implemented?

bhavyarm · August 16, 2019, 4:12pm

Hello,

Can you please request this enhancement here?

@Bargs do you have any inputs?

Thanks,
Bhavya

Bargs · August 16, 2019, 10:18pm

We don't support nested fields in Kibana yet. You can subscribe to this issue for any updates: https://github.com/elastic/kibana/issues/1084

theflyingcarpet · August 19, 2019, 6:50am

I guess I was hoping there might be a trick to have it work without the full support for nested fields or that just this part could be easily added. I've subscribed to the issue (which I see has been on the backlog forever).

Bargs · August 19, 2019, 3:29pm

There's a community plugin you might find helpful in the meantime: https://ppadovani.github.io/knql_plugin/overview/

system · September 16, 2019, 3:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.