Kibana painless script to count the json list size
I have JSON data in an Elasticsearch index as follows:
{
  "_index": "tower",
  "_type": "_doc",
  "_id": "sadssasadsadsa",
  "_version": 1,
  "_score": null,
  "_source": {
    "task": "",
    "event_data": {
      "playbook_uuid": "sasdsad21w",
      "processed": {
        "11.22.33.46": 1,
        "11.22.33.44": 1,
        "11.22.33.45": 1
      },
      "failures": {
        "11.22.33.46": 1
      },
      "changed": {
        "11.22.33.44": 1
      },
      "playbook": "test.yml",
      "ignored": {},
      "ok": {
        "11.22.33.46": 1,
        "11.22.33.44": 4,
        "11.22.33.45": 1
      },
      "dark": {
        "11.22.33.45": 1
      }
    },
    "level": "INFO",
    "event_display": "Playbook Complete",
    "stdout": "\r\nPLAY RECAP *********************************************************************\r\n\u001b[0;33m11.22.33.44\u001b[0m : \u001b[0;32mok=4 \u001b[0m \u001b[0;33mchanged=1 \u001b[0m unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 \r\n\u001b[0;31m11.22.33.45\u001b[0m : \u001b[0;32mok=1 \u001b[0m changed=0 \u001b[1;31munreachable=1 \u001b[0m failed=0 skipped=0 rescued=0 ignored=0 \r\n\u001b[0;31m11.22.33.46\u001b[0m : \u001b[0;32mok=1 \u001b[0m changed=0 unreachable=0 \u001b[0;31mfailed=1 \u001b[0m skipped=0 rescued=0 ignored=0 \r\n",
    "@version": "1",
    "tags": [
      "tower"
    ]
  },
  "fields": {
    "@timestamp": [
      "2020-12-24T06:14:20.202Z"
    ]
  }
}
Now I want to create a painless script to count the size of:
"processed": {
  "11.22.33.46": 1,
  "11.22.33.44": 1,
  "11.22.33.45": 1
},
"failures": {
  "11.22.33.46": 1
},
"dark": {
  "11.22.33.45": 1
}
For example, the counts here would be something like:
processed: 3
failures: 1
dark: 1
All of these values will be stored in a new field.
I tried using return params['_source']['event_data']['processed'].size(); just to get the size of processed, but it is not working.
Any help would be appreciated.
You can use script_fields like this:
GET tower/_search
{
  "script_fields": {
    "ev_data_counts": {
      "script": {
        "source": """
          def counts_by_status = [:];
          counts_by_status['processed'] = params['_source']['event_data']['processed'].size();
          counts_by_status['failures'] = params['_source']['event_data']['failures'].size();
          counts_by_status['dark'] = params['_source']['event_data']['dark'].size();
          return counts_by_status
        """
      }
    }
  }
}
yielding
"hits" : [
  {
    ...
    "fields" : {
      "ev_data_counts" : [
        {
          "processed" : 3,
          "failures" : 1,
          "dark" : 1
        }
      ]
    }
  }
]
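A variant of the script above that tolerates documents where `event_data` or one of the status objects is missing, since calling `.size()` on a missing object fails the script for that hit. This is an added example, not part of the original answer; it assumes such documents exist in the `tower` index, and the `statuses` parameter name is chosen here for illustration.

```console
GET tower/_search
{
  "script_fields": {
    "ev_data_counts": {
      "script": {
        "lang": "painless",
        "params": {
          "statuses": ["processed", "failures", "dark"]
        },
        "source": """
          // event_data may be absent on events other than "Playbook Complete" (assumption)
          def ed = params['_source']['event_data'];
          def counts_by_status = [:];
          // 'statuses' is a user-defined parameter introduced for this example
          for (def status : params.statuses) {
            // A status entry that is missing or not an object counts as 0 hosts
            def hosts = ed instanceof Map ? ed.get(status) : null;
            counts_by_status[status] = hosts instanceof Map ? hosts.size() : 0;
          }
          return counts_by_status;
        """
      }
    }
  }
}
```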