Re: Queries with fields {...} don't return field with dot in their name

2014-07-02 Thread vineeth mohan
Hello Ben ,

This is definitely an ambiguity.

By request.user, in the usual case ES expects data like

"request" : {
  "user" : "vm"
}

Try "request\.user" or something. Some mechanism to escape the dot.

Thanks
  Vineeth



On Wed, Jul 2, 2014 at 1:13 PM, benq  wrote:

> Hello Vineeth,
>
> the items that are indexed in elasticsearch really contain a field named
> "response.user".
>
> "_source": {
>   "clientip": "aaa.bbb..ddd",
>   "request": "http://.aa/b/c",
>   "request.accept-encoding": "gzip, deflate",
>   "request.accept-language": "de-ch",
>   "response.content-type": "text/html; charset=UTF-8",
>   "response": 200,
>   "response.age": "0",
>   "response.user": "userAAA",
>   "@timestamp": "2014-07-01T12:18:51.501+02:00"
> }
>
>
> I realize there is an ambiguity between a field with a dot in its name and
> a field of a child document. Should fields with dot in their name be
> avoided?
>
> Benoît
>
> On Tuesday, 1 July 2014 19:17:41 UTC+2, vineeth mohan wrote:
>>
>> Hello Ben ,
>>
>> Can you paste a sample feed.
>>
>> Thanks
>>Vineeth
>>
>>
>> On Tue, Jul 1, 2014 at 8:26 PM, benq  wrote:
>>
>>> Hi all,
>>>
>>> I have a query that specifies the fields to be returned as described here:
>>> http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html
>>> However, it does not return the fields with a dot in their name, like
>>> "response.user".
>>>
>>> For example,
>>> Ex:
>>> {
>>>   "size": 1000,
>>>   "fields": ["@timestamp", "request", "response", "response.user", "clientip"],
>>>   "query": {"match_all": {} },
>>>   "filter": {
>>>     "and": [
>>>       { "range": { "@timestamp": { "from": ...
>>>     ]
>>>   }
>>> }
>>>
>>> The timestamp, request, response and clientip fields are returned. The
>>> response.user is not.
>>>
>>> Any idea why?
>>>
>>> Regards,
>>> Benoît
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAGdPd5keeKB99M4rh1rKX74%3D0P%3DUqEEZtWVi0sq5-PYwY4WbKg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
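
The ambiguity described in the reply above, as an added example that is not part of the original messages and is not Elasticsearch code. It is a simplified model of reading a dotted name as an object path, plus one possible ingest-time rename; `resolve_path`, `rename_dotted_keys`, the underscore separator and the sample document are assumptions made for illustration.

```python
# Added illustration: a simplified model of dotted-path lookup,
# not Elasticsearch's implementation.

def resolve_path(doc, path):
    """Walk `path` one dot-separated segment at a time, as an object path."""
    node = doc
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def rename_dotted_keys(doc, sep="_"):
    """Return a copy of `doc` with '.' in key names replaced by `sep`.

    Raises ValueError if two keys would collapse to the same name, so a
    rename never silently overwrites another field.
    """
    out = {}
    for key, value in doc.items():
        if isinstance(value, dict):
            value = rename_dotted_keys(value, sep)
        new_key = key.replace(".", sep)
        if new_key in out:
            raise ValueError(f"key collision after rename: {new_key!r}")
        out[new_key] = value
    return out


# Constructed sample, modelled on the _source posted in the thread:
# "response" is a scalar AND "response.user" is a literal key name.
SAMPLE = {
    "clientip": "192.0.2.10",
    "response": 200,
    "response.age": "0",
    "response.user": "userAAA",
}

if __name__ == "__main__":
    # Path walk stops at "response" (200 is not an object), so nothing is found.
    print(resolve_path(SAMPLE, "response.user"))
    # The nested shape the path syntax expects resolves normally.
    print(resolve_path({"response": {"user": "vm"}}, "response.user"))
    # After renaming at ingest the field is addressable without ambiguity.
    print(resolve_path(rename_dotted_keys(SAMPLE), "response_user"))
```

Expanding the dotted keys into nested objects instead would not work for this document, because "response" already holds the scalar 200.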


Re: Queries with fields {...} don't return field with dot in their name

2014-07-02 Thread benq
Hello Vineeth,

the items that are indexed in elasticsearch really contain a field named
"response.user".

"_source": {
  "clientip": "aaa.bbb..ddd",
  "request": "http://.aa/b/c",
  "request.accept-encoding": "gzip, deflate",
  "request.accept-language": "de-ch",
  "response.content-type": "text/html; charset=UTF-8",
  "response": 200,
  "response.age": "0",
  "response.user": "userAAA",
  "@timestamp": "2014-07-01T12:18:51.501+02:00"
}


I realize there is an ambiguity between a field with a dot in its name and 
a field of a child document. Should fields with dot in their name be 
avoided?

Benoît

On Tuesday, 1 July 2014 19:17:41 UTC+2, vineeth mohan wrote:
>
> Hello Ben , 
>
> Can you paste a sample feed.
>
> Thanks
>Vineeth
>
>
> On Tue, Jul 1, 2014 at 8:26 PM, benq wrote:
>
>> Hi all,
>>
>> I have a query that specifies the fields to be returned as described here:
>> http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html
>> However, it does not return the fields with a dot in their name, like
>> "response.user".
>>
>> For example,
>> Ex:
>> {
>>   "size": 1000,
>>   "fields": ["@timestamp", "request", "response", "response.user", "clientip"],
>>   "query": {"match_all": {} },
>>   "filter": {
>>     "and": [
>>       { "range": { "@timestamp": { "from": ...
>>     ]
>>   }
>> }
>>
>> The timestamp, request, response and clientip fields are returned. The 
>> response.user is not.
>>
>> Any idea why?
>>
>> Regards,
>> Benoît
>>


Re: Queries with fields {...} don't return field with dot in their name

2014-07-01 Thread vineeth mohan
Hello Ben ,

Can you paste a sample feed.

Thanks
   Vineeth


On Tue, Jul 1, 2014 at 8:26 PM, benq  wrote:

> Hi all,
>
> I have a query that specifies the fields to be returned as described here:
> http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html
> However, it does not return the fields with a dot in their name, like
> "response.user".
>
> For example,
> Ex:
> {
>   "size": 1000,
>   "fields": ["@timestamp", "request", "response", "response.user", "clientip"],
>   "query": {"match_all": {} },
>   "filter": {
>     "and": [
>       { "range": { "@timestamp": { "from": ...
>     ]
>   }
> }
>
> The timestamp, request, response and clientip fields are returned. The
> response.user is not.
>
> Any idea why?
>
> Regards,
> Benoît
>


Queries with fields {...} don't return field with dot in their name

2014-07-01 Thread benq
Hi all,

I have a query that specifies the fields to be returned as described here:
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html
However, it does not return the fields with a dot in their name, like
"response.user".

For example,
Ex:
{
  "size": 1000,
  "fields": ["@timestamp", "request", "response", "response.user", "clientip"],
  "query": {"match_all": {} },
  "filter": {
    "and": [
      { "range": { "@timestamp": { "from": ...
    ]
  }
}

The timestamp, request, response and clientip fields are returned. The 
response.user is not.

Any idea why?

Regards,
Benoît
