Scripted Field for elements inside lists of JSON objects

I have been trying to use scripted fields to test for elements which exist inside a list, but after hours of trying different syntax + reading the documentation, I still can’t figure out how to do it properly. Here is a single document:

{
  "_index": "logstash-2017.07.03",
  "_type": "logstash",
  "_id": "AV0GqyiRBL9dWZiApDsW",
  "_score": 1,
  "_source": {
    "server": {
      "name": "Reddit Alpha Clan Family",
      "id": "218534373169954816"
    },
    "level": "INFO",
    "author": {
      "joined_at": "2017-05-05T02:59:48.762103",
      "server": {
        "name": "Reddit Alpha Clan Family",
        "id": "218534373169954816"
      },
      "game": {},
      "bot": false,
      "roles": [
        {
          "name": "Elder",
          "id": "218867146753703936"
        },
        {
          "name": "Member",
          "id": "220001984147750922"
        },
        {
          "name": "Hotel",
          "id": "258055273468526592"
        },
        {
          "name": "Practice",
          "id": "299145314412134401"
        },
        {
          "name": "Tourney",
          "id": "306036062772396032"
        },
        {
          "name": "@everyone",
          "id": "218534373169954816"
        }
      ],
      "name": "WetSponge",
      "top_role": {
        "name": "Elder",
        "id": "218867146753703936"
      },
      "id": "155877170298748928",
      "display_name": "WetSponge",
      "username": "WetSponge",
      "status": {
        "offline": false,
        "idle": false,
        "invisible": false,
        "online": true,
        "dnd": false
      }
    },
    "channel": {
      "server": {
        "name": "Reddit Alpha Clan Family",
        "id": "218534373169954816"
      },
      "name": "strategy",
      "created_at": "2016-09-07T03:29:07.009000",
      "id": "222921163314036736",
      "position": 11,
      "type": {
        "voice": false,
        "private": false,
        "text": true,
        "group": false
      },
      "is_default": false
    },
    "type": "logstash",
    "message": "discord.logger.message",
    "content": "that are decent against bowler giant beatdown /bowler gy",
    "tags": [],
    "path": "/home/sml/red/Red-DiscordBot/cogs/logstash.py",
    "@timestamp": "2017-07-03T04:17:46.628Z",
    "discord_event": "message",
    "mention_names": [],
    "stack_info": null,
    "@version": "1",
    "host": "vsml",
    "logger_name": "discord.logger",
    "mention_ids": []
  },
  "fields": {
    "channel.created_at": [
      1473218947009
    ],
    "@timestamp": [
      1499055466628
    ],
    "content_is_command": [
      false
    ],
    "author.joined_at": [
      1493953188762
    ],
    "content_first_word": [
      "that"
    ]
  }
}

What I would like to grab is the author.roles.name and test it against a list of names then return a name if there is a match. I have eventually got to:

def roles = doc["author.roles.name.keyword"].value 

but that returns the last element only which is not what I wanted.

I have tried:

def roles = doc["_source"]["author"]["roles"]

but that doesn’t seem to return it as a list either. Hopefully someone could help me out as I don’t even know if it is a syntax error or what it is…

Thanks!

Hi there, I found this similar thread from a while back: Changing all array elements in scripted field

In that thread, the author uses the "values" property to retrieve all of the values in the array. So in your example, it would be:

def roles = doc["author.roles.name.keyword"].values

Can you try this and let me know if it works for you?

Thanks,
CJ
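
Building on the `.values` suggestion above, here is an added example (not from either poster) of a Painless scripted field that checks every role name against a list and returns a match. The names in `wanted` and the empty-string fallback are assumptions.

```painless
// Role names to look for (assumed values; replace with your own list).
def wanted = ['Elder', 'Member'];

// .values returns every value indexed for the field, not just one.
// Keyword doc values come back sorted and de-duplicated, so the order
// here is sorted order, not the order of the roles array in _source.
for (def role : doc['author.roles.name.keyword'].values) {
  if (wanted.contains(role)) {
    return role;
  }
}

// No match: return an empty string so the field keeps a single type.
return '';
```

For the sample document above this returns "Elder", because it is the first of the wanted names in sorted order.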
