CDominik

Reputation: 115

How to convert the Elasticsearch JSON output into a table?

I'm using the Head plugin for Elasticsearch to run queries. I want to convert the output of the query into a table.

The part that I need is just the "hits" object array, where the columns are the fields that I have specified in the query: "http.date", "src_shift", "@timestamp", "src_tz".

Is there any tool or plugin to do that?

Below is a brief excerpt of the query output:

"took": 2418,
"timed_out": false,
"_shards": {
    "total": 3503,
    "successful": 3503,
    "failed": 0
},
"hits": {
    "total": 2524,
    "max_score": 9.194927,
    "hits": [
        {
            "_index": "$002555",
            "_type": "pcap",
            "_id": "AVAJJphp2MeWtoWCbQYG",
            "_score": 9.194927,
            "fields": {
                "src_shift": [1],
                "http.date": ["Fri, 12 Jun 2015 22:40:54 GMT"],
                "@timestamp": [1434147980397],
                "src_tz": ["Europe/Warsaw"]
            }
        },
        {
            "_index": "$002555",
            "_type": "pcap",
            "_id": "AVAJJphp2MeWtoWCbQYH",
            "_score": 9.194927,
            "fields": {
                "src_shift": [1],
                "http.date": ["Fri, 12 Jun 2015 22:40:54 GMT"],
                "@timestamp": [1434147980397],
                "src_tz": ["Europe/Warsaw"]
            }
        },
        ...

Upvotes: 3

Views: 5409

Answers (2)

curran

Reputation: 1316

There's a utility in Kibana called tabify that converts ElasticSearch results into tabular form. You can find its implementation here: https://github.com/elastic/kibana/blob/master/src/ui/public/agg_response/tabify/tabify.js

Upvotes: 2

Val

Reputation: 217324

In the head plugin, on your Any Request tab, you can use the Result Transformer section located just below the Query section. By default it returns the whole JSON response.

[image: Result Transformer section]

You can modify that and massage the response to return whatever you want. In your case, if you replace the default return root; with the code below, you'll get what you want:

// "root" is the full JSON response; hits.hits holds the matching documents
return root.hits.hits.map(function(hit) {
    var values = [];
    // collect every stored field value (each one is an array) in response order
    for (var field in hit.fields) {
        values.push(hit.fields[field]);
    }
    // one comma-separated row per hit
    return values.join(",");
});

The output should be

1,"Fri, 12 Jun 2015 22:40:54 GMT",1434147980397,"Europe/Warsaw"
1,"Fri, 12 Jun 2015 22:40:54 GMT",1434147980397,"Europe/Warsaw"
...

Upvotes: 4
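As an added example (not code from the question or from either answer), here is the same transformation as a stand-alone function that fixes the column order to the fields the query named, quotes values per CSV rules so the comma inside http.date does not split the column, and tolerates a hit with a missing field. The sample response is constructed from the snippet in the question; the names hitsToCsv, csvCell and cellFor are my own.

```javascript
const COLUMNS = ["http.date", "src_shift", "@timestamp", "src_tz"];

// Constructed sample response, trimmed from the snippet in the question;
// the second hit deliberately lacks src_tz.
const sampleResponse = {
  hits: {
    total: 2,
    hits: [
      { _id: "AVAJJphp2MeWtoWCbQYG", fields: { src_shift: [1],
          "http.date": ["Fri, 12 Jun 2015 22:40:54 GMT"],
          "@timestamp": [1434147980397], src_tz: ["Europe/Warsaw"] } },
      { _id: "AVAJJphp2MeWtoWCbQYH", fields: { src_shift: [1],
          "http.date": ["Fri, 12 Jun 2015 22:40:54 GMT"],
          "@timestamp": [1434147980397] } }
    ]
  }
};

// RFC 4180 quoting: wrap a value containing a comma, quote or newline in
// double quotes and double any embedded quote, so the http.date value
// (which itself contains a comma) stays in a single column.
function csvCell(value) {
  const s = value === undefined || value === null ? "" : String(value);
  return /[",\r\n]/.test(s) ? '"' + s.replace(/"/g, '""') + '"' : s;
}

// Stored fields come back as arrays even when single-valued; join a
// multi-valued field with ";" so it still occupies one column, and
// return "" for a field the hit does not carry.
function cellFor(fields, name) {
  const v = fields ? fields[name] : undefined;
  if (v === undefined) return "";
  return Array.isArray(v) ? v.join(";") : v;
}

// Header line plus one line per hit, columns in the requested order.
function hitsToCsv(response, columns) {
  const header = columns.map(csvCell).join(",");
  const rows = response.hits.hits.map(hit =>
    columns.map(c => csvCell(cellFor(hit.fields, c))).join(",")
  );
  return [header].concat(rows).join("\n");
}

// In the head plugin's Result Transformer the response is named root, so the
// equivalent transformer body is: return hitsToCsv(root, COLUMNS);
console.log(hitsToCsv(sampleResponse, COLUMNS));
```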
