brunotm / elasticsplunk

A Search command to explore Elasticsearch data within Splunk.
MIT License
40 stars, 25 forks

Add support for nested documents #4

Closed brunotm closed 6 years ago

brunotm commented 6 years ago

Currently ElasticSplunk doesn't handle nested documents in search hits from Elastic (it does handle them in searches, though: object.object.attr:value in the query argument).

This can be handled as it is done in results by Kibana, by flattening nested documents like:

{
  "l1": {
    "l2": {
      "attr1": "value"
    }
  }
}

Into: l1.l2.attr1:value

The same structure can be used for searches.

Thanks @heipei for bringing this up.
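One way to do the flattening described in the issue, written as an added example rather than elasticsplunk's own code (the function names, the `_index`/`_id` handling and the sample hit are assumptions, and nothing here is taken from the commit referenced below):

```python
"""Flatten nested Elasticsearch hits into dotted Splunk field names.

Added illustration, not elasticsplunk's own code: the functions and the
sample document below are assumptions, not taken from the project or from
the commit referenced in this issue.
"""
from typing import Any, Dict


def flatten_source(source: Dict[str, Any], prefix: str = "",
                   sep: str = ".") -> Dict[str, Any]:
    """Turn {"l1": {"l2": {"attr1": "value"}}} into {"l1.l2.attr1": "value"}.

    Only objects (dicts) are descended into.  Lists stay as leaf values so
    they become Splunk multivalue fields; an empty object is also kept as a
    leaf, otherwise the field would silently disappear from the event.
    A document that carries both a literal "a.b" key and a nested a -> b
    object would produce the same flattened name twice; that is reported
    rather than letting one value quietly overwrite the other.
    """
    flat: Dict[str, Any] = {}
    for key, value in source.items():
        name = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(value, dict) and value:
            children = flatten_source(value, name, sep)
        else:
            children = {name: value}
        for child_name, child_value in children.items():
            if child_name in flat:
                raise ValueError(f"duplicate flattened field: {child_name}")
            flat[child_name] = child_value
    return flat


def hit_to_event(hit: Dict[str, Any]) -> Dict[str, Any]:
    """Build a flat Splunk-style event from one Elasticsearch search hit.

    Assumption: _index and _id are copied over as fields next to the
    flattened _source, so the event stays traceable to its document.
    """
    event: Dict[str, Any] = {"_index": hit.get("_index"), "_id": hit.get("_id")}
    event.update(flatten_source(hit.get("_source", {})))
    return event


# Constructed sample hit, shaped like the JSON in the issue above.
SAMPLE_HIT = {
    "_index": "logs-2017",
    "_id": "1",
    "_source": {
        "@timestamp": "2017-03-01T10:00:00Z",
        "l1": {"l2": {"attr1": "value"}},
        "host": {"name": "web-1", "ip": ["10.0.0.5", "10.0.0.6"]},
        "empty": {},
    },
}


if __name__ == "__main__":
    for field, value in sorted(hit_to_event(SAMPLE_HIT).items()):
        print(f"{field}={value!r}")
```

Because the flattened names are exactly the dotted paths Elasticsearch's query string syntax already accepts, the same `l1.l2.attr1` spelling works on both sides: it is the field name Splunk shows in the event and the field name used in `l1.l2.attr1:value` in the query argument.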

brunotm commented 6 years ago

@heipei

Can you please test f432f916d57c52dc1493cf04e3e935fbd10382c6 ?

Thanks!