
Elasticsearch: ElasticSearch transform, scripted_metric without the nested field name


I created an ElasticSearch transform as follows:

"source": {
    "index": "input_index"
  },
  "dest" : { 
    "index" : "output_index"
  },
  "pivot": {
    "group_by": { 
      "device_id": { "terms": { "field": "device_id.keyword" }}
    },
    "aggregations": {
      "@timestamp": {
        "max": {
          "field": "@timestamp"
        }
      },
      "latest_doc": {
        "scripted_metric": {
           "init_script": ...,
           "map_script": ... }",
           "combine_script": "return state",
           "reduce_script": .... return last_doc   (last_doc contains document from input_index) 
        }
      }
    }
  }
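This works great, but all the fields in the destination index are prefixed with "latest_doc". Is there a way to prevent the field names from appearing with this latest_doc label?

(Otherwise, I have to use different index templates for the input index and the output index.)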

Found a workaround, for anyone wondering:

Added an ingest pipeline:

PUT _ingest/pipeline/remove_trailing_
{
    "processors": [{
            "script": {
                "source": """
                // Copy every field of the nested latest_doc object to the top level.
                for (item in ctx['latest_doc'].entrySet()) {
                   def f2 = item.getKey();
                   ctx[f2] = item.getValue();
                }
                // Drop the now-redundant wrapper object.
                ctx.remove('latest_doc');
                """
            }
        }
    ]
}
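
A guarded variant of the workaround above, with a dry run and the step that attaches the pipeline to the transform, as an added example that is not part of the original answer. The pipeline name `flatten_latest_doc`, the transform id `my_transform` and the sample document are assumptions; `dest.pipeline` is the transform setting that sends output through an ingest pipeline.

```console
# Added example: guarded variant of the flattening pipeline (hypothetical name).
PUT _ingest/pipeline/flatten_latest_doc
{
  "processors": [{
    "script": {
      "source": """
        def nested = ctx['latest_doc'];
        // Do nothing when the aggregation produced no map.
        if (nested instanceof Map) {
          for (entry in nested.entrySet()) {
            def key = entry.getKey();
            // Keys starting with '_' are skipped so a copied field cannot
            // overwrite ingest metadata such as _index or _id.
            if (key.startsWith('_')) { continue; }
            ctx[key] = entry.getValue();
          }
          ctx.remove('latest_doc');
        }
      """
    }
  }]
}

# Dry run against a constructed document shaped like the pivot output.
POST _ingest/pipeline/flatten_latest_doc/_simulate
{
  "docs": [{
    "_source": {
      "device_id": "device-1",
      "@timestamp": "2021-01-01T00:00:00Z",
      "latest_doc": { "device_id": "device-1", "temperature": 21.5 }
    }
  }]
}

# Attach the pipeline to the transform destination.
# "my_transform" is a placeholder: the page does not give the transform id.
POST _transform/my_transform/_update
{
  "dest": { "index": "output_index", "pipeline": "flatten_latest_doc" }
}
```

Fields copied from latest_doc overwrite top-level fields of the same name, so the pivot's own device_id and @timestamp are replaced by the values from the source document.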