Re: Create mapping for nested json
No bug in ES, it is a missing feature in Kibana.
https://github.com/elastic/kibana/issues/1084
I am using ES 1.5.0-1 (rpm for RHEL).
On Tue, Apr 7, 2015 at 12:32 AM, Krishna Raj
wrote:
> What version of ES are you trying on ? I faced this issue due to a bug in
> lower versions. But I am successfully when i upgraded to the newer version.
>
> Thanks,
> Kr
>
> On Mon, Apr 6, 2015 at 9:42 PM, wrote:
>
>> The culprit seems to be Kibana :(
>>
>> I sort of forced ES to show it's hands by explicitly forcing analyzing
>> and storing all fields:
>>
>> curl -XPUT localhost:9200/_template/metrics -d '{
>> "template" : "metrics",
>> "order":2,
>> "settings" : {
>> "index.refresh_interval" : "5s"
>> },
>> "mappings" : {
>> "metric" : {
>> "properties" : {
>> "Activities" : {
>> "type" : "object",
>> "properties" : {
>> "ActivityName" : {"type" : "string", "index" :
>> "analyzed", "store" : true},
>> "ActivityFields" : {
>> "type" : "object",
>> "properties" : {
>> "FieldName" : {"type" : "string", "index" :
>> "analyzed", "store" : true},
>> "valueCounts" : {
>>"type" : "object",
>>"properties" : {
>> "valueName" : {"type" : "string",
>> "index" : "analyzed", "store" : true},
>> "valueCount" : {"type" : "integer",
>> "index" : "analyzed", "store" : true}
>> }
>> }
>> }
>> }
>> }
>> }
>> }
>> }
>> }
>>
>> }'
>>
>> The resulting JSON in Kibana shows all the extracted fields - only
>> doesn't show them as facets!! It discovers them but won't show them as
>> facets/aggregates. I can search for /Activities.ActivityName: "SSH"/ but no
>> faceting. Very frustrating. Is there a workaround?
>>
>>
>>
>>
>>
>> On Wednesday, April 1, 2015 at 9:46:49 PM UTC-7, sec...@gmail.com wrote:
>>>
>>> Hi,
>>>
>>> Noob at ElasticSearch, I am trying to push some nested json to
>>> Elasticsearch and have the nested objects parsed out as facets. If I use
>>> dynamic mapping then elasticsearch does not seem to parse out the internal
>>> objects. I guess I need to define a mapping for my index?
>>>
>>> Example:
>>>
>>> {
>>> "Date": "2015-03-21T00:09:00",
>>> "Activities": [
>>> {
>>> "ActivityName": "SSH",
>>> "Fields": [
>>> {
>>> "User": [
>>> {
>>> "joe": 2,
>>> "jane": 3,
>>> "jack": 5
>>> }
>>> ]
>>> },
>>> {
>>> "DstIP": [
>>> {
>>> "HostA": 3,
>>> "HostB": 5,
>>> "HostC": 6
>>> }
>>> ]
>>> }
>>> ]
>>> }
>>> ]
>>> }
>>>
>>> I tried to follow the mapping documentation but failed to come up with a
>>> mapping that represents the JSON above. I guess I am not sure how to map
>>> lists. If it helps, here's how I create the JSON in Scala using the Jackson
>>> library:
>>>
>>> scala> nestedMap
>>> res3: scala.collection.immutable.Map[String,Object] = Map(Date ->
>>> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields ->
>>> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP ->
>>> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))
>>>
>>> scala> println(Serialization.write(nestedMap))
>>> {"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}
>>>
>>> Is there a way to get Jackson to spit out the schema that can be directly
>>> fed to elasticsearch as a mapping/template?
>>>
>>> Thanks.
>>>
>>>
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearch+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/772aba9c-c85c-4f62-b7fe-d0addd93adcb%40googlegroups.com
>>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "elasticsearch" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/elasticsearch/qUa6xUb3XMw/unsubscribe.
> T
Re: Create mapping for nested json
What version of ES are you trying on ? I faced this issue due to a bug in
lower versions. But I am successfully when i upgraded to the newer version.
Thanks,
Kr
On Mon, Apr 6, 2015 at 9:42 PM, wrote:
> The culprit seems to be Kibana :(
>
> I sort of forced ES to show it's hands by explicitly forcing analyzing and
> storing all fields:
>
> curl -XPUT localhost:9200/_template/metrics -d '{
> "template" : "metrics",
> "order":2,
> "settings" : {
> "index.refresh_interval" : "5s"
> },
> "mappings" : {
> "metric" : {
> "properties" : {
> "Activities" : {
> "type" : "object",
> "properties" : {
> "ActivityName" : {"type" : "string", "index" :
> "analyzed", "store" : true},
> "ActivityFields" : {
> "type" : "object",
> "properties" : {
> "FieldName" : {"type" : "string", "index" :
> "analyzed", "store" : true},
> "valueCounts" : {
>"type" : "object",
>"properties" : {
> "valueName" : {"type" : "string",
> "index" : "analyzed", "store" : true},
> "valueCount" : {"type" : "integer",
> "index" : "analyzed", "store" : true}
> }
> }
> }
> }
> }
> }
> }
> }
> }
>
> }'
>
> The resulting JSON in Kibana shows all the extracted fields - only doesn't
> show them as facets!! It discovers them but won't show them as
> facets/aggregates. I can search for /Activities.ActivityName: "SSH"/ but no
> faceting. Very frustrating. Is there a workaround?
>
>
>
>
>
> On Wednesday, April 1, 2015 at 9:46:49 PM UTC-7, sec...@gmail.com wrote:
>>
>> Hi,
>>
>> Noob at ElasticSearch, I am trying to push some nested json to
>> Elasticsearch and have the nested objects parsed out as facets. If I use
>> dynamic mapping then elasticsearch does not seem to parse out the internal
>> objects. I guess I need to define a mapping for my index?
>>
>> Example:
>>
>> {
>> "Date": "2015-03-21T00:09:00",
>> "Activities": [
>> {
>> "ActivityName": "SSH",
>> "Fields": [
>> {
>> "User": [
>> {
>> "joe": 2,
>> "jane": 3,
>> "jack": 5
>> }
>> ]
>> },
>> {
>> "DstIP": [
>> {
>> "HostA": 3,
>> "HostB": 5,
>> "HostC": 6
>> }
>> ]
>> }
>> ]
>> }
>> ]
>> }
>>
>> I tried to follow the mapping documentation but failed to come up with a
>> mapping that represents the JSON above. I guess I am not sure how to map
>> lists. If it helps, here's how I create the JSON in Scala using the Jackson
>> library:
>>
>> scala> nestedMap
>> res3: scala.collection.immutable.Map[String,Object] = Map(Date ->
>> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields ->
>> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP ->
>> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))
>>
>> scala> println(Serialization.write(nestedMap))
>> {"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}
>>
>> Is there a way to get Jackson to spit out the schema that can be directly
>> fed to elasticsearch as a mapping/template?
>>
>> Thanks.
>>
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/772aba9c-c85c-4f62-b7fe-d0addd93adcb%40googlegroups.com
>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CANH4dajBzbe4A-YCjFSPtjYk2VM%2B7hQga-sZFYNkJ%2B6kNYYstQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: Create mapping for nested json
The culprit seems to be Kibana :(
I sort of forced ES to show it's hands by explicitly forcing analyzing and
storing all fields:
curl -XPUT localhost:9200/_template/metrics -d '{
"template" : "metrics",
"order":2,
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"metric" : {
"properties" : {
"Activities" : {
"type" : "object",
"properties" : {
"ActivityName" : {"type" : "string", "index" :
"analyzed", "store" : true},
"ActivityFields" : {
"type" : "object",
"properties" : {
"FieldName" : {"type" : "string", "index" :
"analyzed", "store" : true},
"valueCounts" : {
"type" : "object",
"properties" : {
"valueName" : {"type" : "string",
"index" : "analyzed", "store" : true},
"valueCount" : {"type" : "integer",
"index" : "analyzed", "store" : true}
}
}
}
}
}
}
}
}
}
}'
The resulting JSON in Kibana shows all the extracted fields - only doesn't
show them as facets!! It discovers them but won't show them as
facets/aggregates. I can search for /Activities.ActivityName: "SSH"/ but no
faceting. Very frustrating. Is there a workaround?
On Wednesday, April 1, 2015 at 9:46:49 PM UTC-7, sec...@gmail.com wrote:
>
> Hi,
>
> Noob at ElasticSearch, I am trying to push some nested json to
> Elasticsearch and have the nested objects parsed out as facets. If I use
> dynamic mapping then elasticsearch does not seem to parse out the internal
> objects. I guess I need to define a mapping for my index?
>
> Example:
>
> {
> "Date": "2015-03-21T00:09:00",
> "Activities": [
> {
> "ActivityName": "SSH",
> "Fields": [
> {
> "User": [
> {
> "joe": 2,
> "jane": 3,
> "jack": 5
> }
> ]
> },
> {
> "DstIP": [
> {
> "HostA": 3,
> "HostB": 5,
> "HostC": 6
> }
> ]
> }
> ]
> }
> ]
> }
>
> I tried to follow the mapping documentation but failed to come up with a
> mapping that represents the JSON above. I guess I am not sure how to map
> lists. If it helps, here's how I create the JSON in Scala using the Jackson
> library:
>
> scala> nestedMap
> res3: scala.collection.immutable.Map[String,Object] = Map(Date ->
> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields ->
> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP ->
> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))
>
> scala> println(Serialization.write(nestedMap))
> {"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}
>
> Is there a way to get Jackson to spit out the schema that can be directly fed
> to elasticsearch as a mapping/template?
>
> Thanks.
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/772aba9c-c85c-4f62-b7fe-d0addd93adcb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Create mapping for nested json
Still struggling with the correct mapping.
I have modified my JSON as:
{
"Date" : "2015-03-21T00:09:00",
"Activities" : [ {
"ActivityName" : "SSH",
"Fields" : [ {
"FieldName" : "User",
"valueCounts" : [ {
"valueName" : "joe",
"valueCount" : 2
}, {
"valueName" : "jack",
"valueCount" : 5
}, {
"valueName" : "jane",
"valueCount" : 10
} ]
}, {
"FieldName" : "DstIP",
"valueCounts" : [ {
"valueName" : "10.1.1.1",
"valueCount" : 2
}, {
"valueName" : "10.2.2.2",
"valueCount" : 5
}, {
"valueName" : "192.168.1.1",
"valueCount" : 10
} ]
} ]
} ]
}
And, I create a mapping as:
curl -XPUT localhost:9200/_template/metrics -d '{
"template" : "metrics",
"order":2,
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"metric" : {
"properties" : {
"Date" : { "type" : "date"},
"Activities" : {
"properties" : {
"ActivityName": {"type" : "string"},
"Fields" : {
"properties" : {
"FieldName" : {"type":"string"},
"valueCounts" : {
"properties" : {
"valueName" : {"type" : "string"},
"valueCount" : {"type" : "integer"}
}
}
}
}
}
}
}
}
}
}'
curl -XPOST 'http://localhost:9200/metrics/metric' -d '
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"FieldName":"User","valueCounts":[{"valueName":"joe","valueCount":2},{"valueName":"jack","valueCount":5},{"valueName":"jane","valueCount":10}]},{"FieldName":"DstIP","valueCounts":[{"valueName":"10.1.1.1","valueCount":2},{"valueName":"10.2.2.2","valueCount":5},{"valueName":"192.168.1.1","valueCount":10}]}]}]}'
But none of the fields get parsed out :(
I have tried explicitly declaring nested types within the mapping but
doesn't change anything.
What am I doing wrong?
Thanks,
Tim
On Friday, April 3, 2015 at 10:59:31 PM UTC-7, sec...@gmail.com wrote:
>
> Thanks for the pointer, Thierry.
>
>
> On Thursday, April 2, 2015 at 1:26:44 AM UTC-7, Thierry Templier wrote:
>>
>> Hi,
>>
>> In fact, you don't need to explicitely specify that a field is a list or
>> not in the mapping. This is automatically supported by ElasticSearch. See
>> this link in the documentation for more details:
>> http://www.elastic.co/guide/en/elasticsearch/reference/1.x/mapping-array-type.html
>> .
>>
>> Hope it will help you,
>> Thierry
>>
>>
>> 2015-04-02 6:46 GMT+02:00 :
>>
>>> Hi,
>>>
>>> Noob at ElasticSearch, I am trying to push some nested json to
>>> Elasticsearch and have the nested objects parsed out as facets. If I use
>>> dynamic mapping then elasticsearch does not seem to parse out the internal
>>> objects. I guess I need to define a mapping for my index?
>>>
>>> Example:
>>>
>>> {
>>> "Date": "2015-03-21T00:09:00",
>>> "Activities": [
>>> {
>>> "ActivityName": "SSH",
>>> "Fields": [
>>> {
>>> "User": [
>>> {
>>> "joe": 2,
>>> "jane": 3,
>>> "jack": 5
>>> }
>>> ]
>>> },
>>> {
>>> "DstIP": [
>>> {
>>> "HostA": 3,
>>> "HostB": 5,
>>> "HostC": 6
>>> }
>>> ]
>>> }
>>> ]
>>> }
>>> ]
>>> }
>>>
>>> I tried to follow the mapping documentation but failed to come up with a
>>> mapping that represents the JSON above. I guess I am not sure how to map
>>> lists. If it helps, here's how I create the JSON in Scala using the Jackson
>>> library:
>>>
>>> scala> nestedMap
>>> res3: scala.collection.immutable.Map[String,Object] = Map(Date ->
>>> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields ->
>>> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP ->
>>> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))
>>>
>>> scala> println(Serialization.write(nestedMap))
>>> {"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}
>>>
>>> Is there a way to get Jackson to spit out the schema that can be directly
>>> fed to elasticsearch as a mapping/template?
>>>
>>> Thanks.
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "elasticsearch" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to elasticsearc...@google
Re: Create mapping for nested json
Thanks for the pointer, Thierry.
On Thursday, April 2, 2015 at 1:26:44 AM UTC-7, Thierry Templier wrote:
>
> Hi,
>
> In fact, you don't need to explicitely specify that a field is a list or
> not in the mapping. This is automatically supported by ElasticSearch. See
> this link in the documentation for more details:
> http://www.elastic.co/guide/en/elasticsearch/reference/1.x/mapping-array-type.html
> .
>
> Hope it will help you,
> Thierry
>
>
> 2015-04-02 6:46 GMT+02:00 >:
>
>> Hi,
>>
>> Noob at ElasticSearch, I am trying to push some nested json to
>> Elasticsearch and have the nested objects parsed out as facets. If I use
>> dynamic mapping then elasticsearch does not seem to parse out the internal
>> objects. I guess I need to define a mapping for my index?
>>
>> Example:
>>
>> {
>> "Date": "2015-03-21T00:09:00",
>> "Activities": [
>> {
>> "ActivityName": "SSH",
>> "Fields": [
>> {
>> "User": [
>> {
>> "joe": 2,
>> "jane": 3,
>> "jack": 5
>> }
>> ]
>> },
>> {
>> "DstIP": [
>> {
>> "HostA": 3,
>> "HostB": 5,
>> "HostC": 6
>> }
>> ]
>> }
>> ]
>> }
>> ]
>> }
>>
>> I tried to follow the mapping documentation but failed to come up with a
>> mapping that represents the JSON above. I guess I am not sure how to map
>> lists. If it helps, here's how I create the JSON in Scala using the Jackson
>> library:
>>
>> scala> nestedMap
>> res3: scala.collection.immutable.Map[String,Object] = Map(Date ->
>> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields ->
>> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP ->
>> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))
>>
>> scala> println(Serialization.write(nestedMap))
>> {"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}
>>
>> Is there a way to get Jackson to spit out the schema that can be directly
>> fed to elasticsearch as a mapping/template?
>>
>> Thanks.
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearc...@googlegroups.com .
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com
>>
>>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Best,
> Thierry
> --
> *Thierry Templier, Lead Architect*
> ttem...@restlet.com
>
>
> Restlet SAS, 6 rue Rose Dieng-Kuntz • 44300 Nantes • France
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/84a5d565-f961-46af-9bc6-86fe48c899eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Create mapping for nested json
Hi,
In fact, you don't need to explicitely specify that a field is a list or
not in the mapping. This is automatically supported by ElasticSearch. See
this link in the documentation for more details:
http://www.elastic.co/guide/en/elasticsearch/reference/1.x/mapping-array-type.html
.
Hope it will help you,
Thierry
2015-04-02 6:46 GMT+02:00 :
> Hi,
>
> Noob at ElasticSearch, I am trying to push some nested json to
> Elasticsearch and have the nested objects parsed out as facets. If I use
> dynamic mapping then elasticsearch does not seem to parse out the internal
> objects. I guess I need to define a mapping for my index?
>
> Example:
>
> {
> "Date": "2015-03-21T00:09:00",
> "Activities": [
> {
> "ActivityName": "SSH",
> "Fields": [
> {
> "User": [
> {
> "joe": 2,
> "jane": 3,
> "jack": 5
> }
> ]
> },
> {
> "DstIP": [
> {
> "HostA": 3,
> "HostB": 5,
> "HostC": 6
> }
> ]
> }
> ]
> }
> ]
> }
>
> I tried to follow the mapping documentation but failed to come up with a
> mapping that represents the JSON above. I guess I am not sure how to map
> lists. If it helps, here's how I create the JSON in Scala using the Jackson
> library:
>
> scala> nestedMap
> res3: scala.collection.immutable.Map[String,Object] = Map(Date ->
> 2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields ->
> List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP ->
> List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))
>
> scala> println(Serialization.write(nestedMap))
> {"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}
>
> Is there a way to get Jackson to spit out the schema that can be directly fed
> to elasticsearch as a mapping/template?
>
> Thanks.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com
>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
Best,
Thierry
--
*Thierry Templier, Lead Architect*
ttempl...@restlet.com
Restlet SAS, 6 rue Rose Dieng-Kuntz • 44300 Nantes • France
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAL73BC21Rx2PoMYNjksbHNinia5%2BAgrHQKTrqiCod6rjvU9Bww%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Create mapping for nested json
Hi,
Noob at ElasticSearch, I am trying to push some nested json to
Elasticsearch and have the nested objects parsed out as facets. If I use
dynamic mapping then elasticsearch does not seem to parse out the internal
objects. I guess I need to define a mapping for my index?
Example:
{
"Date": "2015-03-21T00:09:00",
"Activities": [
{
"ActivityName": "SSH",
"Fields": [
{
"User": [
{
"joe": 2,
"jane": 3,
"jack": 5
}
]
},
{
"DstIP": [
{
"HostA": 3,
"HostB": 5,
"HostC": 6
}
]
}
]
}
]
}
I tried to follow the mapping documentation but failed to come up with a
mapping that represents the JSON above. I guess I am not sure how to map lists.
If it helps, here's how I create the JSON in Scala using the Jackson library:
scala> nestedMap
res3: scala.collection.immutable.Map[String,Object] = Map(Date ->
2015-03-21T00:09:00, Activities -> List(Map(ActivityName -> SSH, Fields ->
List(Map(User -> List(Map(joe -> 2, jane -> 3, jack -> 5))), Map(DstIP ->
List(Map(HostA -> 3, HostB -> 5, HostC -> 6)))
scala> println(Serialization.write(nestedMap))
{"Date":"2015-03-21T00:09:00","Activities":[{"ActivityName":"SSH","Fields":[{"User":[{"joe":2,"jane":3,"jack":5}]},{"DstIP":[{"HostA":3,"HostB":5,"HostC":6}]}]}]}
Is there a way to get Jackson to spit out the schema that can be directly fed
to elasticsearch as a mapping/template?
Thanks.
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/735251b3-3b00-46d3-bf41-f02efaad3b12%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
