Searching nested objects in Kibana 6.1.1

logs :
	 {
	 	"fields": [{
	 			"value": "exception",
	 			"type": "string",
	 			"key": "message"
	 		},
	 		{
	 			"value": "Access denied to perform this action",
	 			"type": "string",
	 			"key": "exception.message"
	 		},
	 		{
	 			"value": "com.AccessDeniedException: Access denied to perform this action\n",
	 			"type": "string",
	 			"key": "exception.stacktrace"
	 		},
	 		{
	 			"value": "com.AccessDeniedException",
	 			"type": "string",
	 			"key": "exception.type"
	 		}
	 	],
	 	"timestamp": 123
	 }

I want to query the concat all the values present in the fields array object.
From the above example it should be
"exception com.AccessDeniedException: Access denied to perform this action\n "com.AccessDeniedException"

How do I write a query for this?

One more question: for the logs attribute, Kibana is showing "Unindexed fields cannot be searched".
How can I filter those?

Thanks in advance


Hi, the part in your question about "query the concat all the values" isn't very clear. It might help your understanding to read about how nested fields work in Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html#nested

Kibana currently does not have support for searching nested fields. Your best option would be to create a scripted field and use that field as the value to search. Another option is to change the way the data is ingested so the search-friendly text is an additional field in the data.
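The second option in the reply above (adding a search-friendly field when the data is ingested), as an added example that is not part of the original thread. The function name `add_search_fields`, the field name `fields_text` and the `f_` prefix are hypothetical; values are joined in array order with single spaces, and the sample document is constructed from the log shape in the question.

```python
import json

# Constructed sample mirroring the log document in the question.
SAMPLE = {
    "fields": [
        {"value": "exception", "type": "string", "key": "message"},
        {"value": "Access denied to perform this action", "type": "string",
         "key": "exception.message"},
        {"value": "com.AccessDeniedException: Access denied to perform this action\n",
         "type": "string", "key": "exception.stacktrace"},
        {"value": "com.AccessDeniedException", "type": "string",
         "key": "exception.type"},
    ],
    "timestamp": 123,
}


def add_search_fields(doc, text_field="fields_text", prefix="f_"):
    """Return a copy of doc with top-level, searchable fields derived from doc["fields"].

    Adds one concatenated text field plus one flat field per key, so the
    values can be searched without a nested query.
    """
    out = dict(doc)  # shallow copy: the caller's document is not modified
    parts = []
    for entry in doc.get("fields") or []:
        # Skip malformed entries instead of failing the whole ingest batch.
        if not isinstance(entry, dict) or entry.get("value") is None:
            continue
        value = str(entry["value"]).strip()
        if not value:
            continue
        parts.append(value)
        key = entry.get("key")
        if key:
            # Assumption: dots become underscores so a key such as
            # "exception.type" is stored as one flat field name.
            out[prefix + str(key).replace(".", "_")] = value
    out[text_field] = " ".join(parts)
    return out


if __name__ == "__main__":
    print(json.dumps(add_search_fields(SAMPLE), indent=2))
```

Run this on each document before it is indexed; the added top-level fields can then be searched from Kibana like any other indexed field.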
