TechQA.

How to search for a nested key in kibana

253 views Asked by At

I have kibana documents that look like this

{
  "_index": "echo.caspian-test.2020-06-11.idx.2",
  "_type": "status",
  "_id": "01754abe95fd084495da20646194fdf7",
  "_score": 1,
  "_source": {
    "applicationVersion": "9f80e49dea1c647fa1baf2e70665aba3a74158eb",
    "echoClientVersion": "1.5.1",
    "echoMetadata": {
      "transportType": "echo"
    },
    "dataCenter": "hdc-digital-non-prod",
    "echoLoggerVersion": "EchoLogbackAppender-1.5.1",
    "host": "e22ab1e4-9256-438b-5855-ad04",
    "type": "INFO",
    "message": "AddUpdate process method ends",
    "messageDetail": {
      "logger": "com.kroger.cxp.app.transformer.processor.AddUpdateTransformerImpl",
      "thread": "DispatchThread: [com.ibm.mq.jmqi.remote.impl.RemoteSession[:/1f6e1b6c][connectionId=414D5143514D2E4150504C2E54455354967C7F5F0407B82E]]"
    },
    "routingKey": "caspian-test",
    "timestamp": "1603276805250"
  },
  "fields": {
    "timestamp": [
      "2020-10-21T10:40:05.250Z"
    ]
  }
}

I need to search all the docs having a particular connectionId which is present in

"messageDetail": { "logger": "com.kroger.cxp.app.transformer.processor.AddUpdateTransformerImpl", "thread": "DispatchThread: [com.ibm.mq.jmqi.remote.impl.RemoteSession[:/1f6e1b6c][connectionId=414D5143514D2E4150504C2E54455354967C7F5F0407B82E]]" }

How can i do that . I have tried searching for messageDetail.thread=%$CONNECTION_ID% but it didn't work

elasticsearch kibana kibana-6
Original Q&A
1

There are 1 answers

0
Amit On BEST ANSWER

You need to add a nested path in your search query to make it work and your messageDetail must be of nested datatype, something like below

{
    "query": {
        "nested": {
            "path": "messageDetail", --> note this
            "query": {
                "bool": {
                    "must": [
                        {
                            "match": {
                                "messageDetail. thread": "CONNECTION_ID"
                            }
                        }
                    ]
                }
            }
        }
    }
}

Adding a working sample with mapping, search query, and result

Index mapping

{
    "mappings": {
        "properties": {
            "messageDetail": {
                "type" : "nested"
            }
        }
    }
}

Index sample doc

{
    "applicationVersion": "9f80e49dea1c647fa1baf2e70665aba3a74158eb",
    "echoClientVersion": "1.5.1",
    "echoMetadata": {
        "transportType": "echo"
    },
    "dataCenter": "hdc-digital-non-prod",
    "echoLoggerVersion": "EchoLogbackAppender-1.5.1",
    "host": "e22ab1e4-9256-438b-5855-ad04",
    "type": "INFO",
    "message": "AddUpdate process method ends",
    "messageDetail": {
        "logger": "com.kroger.cxp.app.transformer.processor.AddUpdateTransformerImpl",
        "thread": "DispatchThread: [com.ibm.mq.jmqi.remote.impl.RemoteSession[:/1f6e1b6c][connectionId=414D5143514D2E4150504C2E54455354967C7F5F0407B82E]]"
    },
    "routingKey": "caspian-test",
    "timestamp": "1603276805250"
}

And search query

{
    "query": {
        "nested": {
            "path": "messageDetail",
            "query": {
                "bool": {
                    "must": [
                        {
                            "match": {
                                "messageDetail.thread": "DispatchThread"
                            }
                        }
                    ]
                }
            }
        }
    }
}

And search res

"hits": [
            {
                "_index": "nestedmsg",
                "_type": "_doc",
                "_id": "1",
                "_score": 0.2876821,
                "_source": {
                    "applicationVersion": "9f80e49dea1c647fa1baf2e70665aba3a74158eb",
                    "echoClientVersion": "1.5.1",
                    "echoMetadata": {
                        "transportType": "echo"
                    },
                    "dataCenter": "hdc-digital-non-prod",
                    "echoLoggerVersion": "EchoLogbackAppender-1.5.1",
                    "host": "e22ab1e4-9256-438b-5855-ad04",
                    "type": "INFO",
                    "message": "AddUpdate process method ends",
                    "messageDetail": {
                        "logger": "com.kroger.cxp.app.transformer.processor.AddUpdateTransformerImpl",
                        "thread": "DispatchThread: [com.ibm.mq.jmqi.remote.impl.RemoteSession[:/1f6e1b6c][connectionId=414D5143514D2E4150504C2E54455354967C7F5F0407B82E]]"
                    },
                    "routingKey": "caspian-test",
                    "timestamp": "1603276805250"
                }
            }
        ]

Related Questions in ELASTICSEARCH

Related Questions in KIBANA

Related Questions in KIBANA-6

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions