GaneshRavi22
commented
9 years ago I have added this feature and done the tests, will create a pull-request shortly
Closed GaneshRavi22 closed 8 years ago
GaneshRavi22
commented
9 years ago I have added this feature and done the tests, will create a pull-request shortly
Wedjaa
commented
9 years ago Have you tried using "_source" to select the returned fields? IE:
{ "_source": [ "name", "description", "group" ], "query": { "match_all": {} } }
GaneshRavi22
commented
9 years ago Yes, it does work perfectly for a non-hierarchical JSON document. But when it is hierarchical, it does not work as we want it to (but it does not mean it is wrong). Consider the following sample JSON document in an ES index:
{
"eventSource" : "device1",
"eventProcessingTime" : 1440158289685,
"event" : {
"state" : "cleared",
"cause" : "LossOfSignal",
"domain" : "ip_network"
}
}In this case, if I run the following query:
{
"_source": [ "eventSource", "event.state", "event.domain" ],
"query": { "match_all": {} }
}the response would be in the form of:
{
"hits" : [ {
"_source" : { "event" : {"state" : "cleared", "domain" : "ip_network"}, "eventSource" : "device1" }]
}This means that the response fields available to be used in the Jasper report are only a) eventSource b) event (as a whole)
But if we want the response fields to be: a) eventSource b) event.state c) event.domain then we need to use the query as below:
{
"fields" : [ "eventSource", "event.state", "event.domain" ],
"query": {
"match_all": {}
}
}This is a specific requirement for us. So I would understand if you choose not to merge this feature.
mrwho
commented
9 years ago I will definitely review and merge the PR - it was just a suggestion as a workaround. I was just suggesting a workaround.
Thank you for your help!
2015-08-25 7:35 GMT-05:00 Ganesh Ravi notifications@github.com:
Yes, it does work perfectly for a non-hierarchical JSON document. But when it is hierarchical, it does not work as we want it to (but it does not mean it is wrong). Consider the following sample JSON document in an ES index:
{ "eventSource" : "device1", "eventProcessingTime" : 1440158289685, "event" : { "state" : "cleared", "cause" : "LossOfSignal", "domain" : "ip_network" } }
In this case, if I run the following query:
{ "_source": [ "eventSource", "event.state", "event.domain" ], "query": { "match_all": {} } }
the response would be in the form of:
{ "hits" : [ { "_source" : { "event" : {"state" : "cleared", "domain" : "ip_network"}, "eventSource" : "device1" }] }
This means that the response fields available to be used in the Jasper report are only a) eventSource b) event (as a whole)
But if we want the response fields to be: a) eventSource b) event.state c) event.domain then we need to use the query as below:
{ "fields" : [ "eventSource", "event.state", "event.domain" ], "query": { "match_all": {} } }
This is a specific requirement for us. So I would understand if you choose not to merge this feature.
— Reply to this email directly or view it on GitHub https://github.com/WedjaaOpen/ElasticParser/issues/8#issuecomment-134571243 .
GaneshRavi22
commented
9 years ago Ok, sure. I have created the PR. Also if I may ask a favour, can you please create a build of the Eclipse plug-in with the latest version of the Parser and Adapter jar file :)
mrwho
commented
9 years ago Will look at the PR - merge and update the plugin.
Thanks
Fabio
2015-08-25 7:49 GMT-05:00 Ganesh Ravi notifications@github.com:
Ok, sure. I have created the PR. Also if I may ask a favour, can you please create a build of the Eclipse plug-in with the latest version of the Parser and Adapter jar file :)
— Reply to this email directly or view it on GitHub https://github.com/WedjaaOpen/ElasticParser/issues/8#issuecomment-134574145 .
Wedjaa
commented
8 years ago Creating a new plugin that supports this and ES 2.x.
In ES, we can project only certain fields to be returned in the hits. For example consider the following:
When we use the above query in HITS mode, no response fields are returned by the ElasticParser.