我创建了一个类似于以下的ElasticSearch转换:
"source": {
"index": "input_index"
},
"dest" : {
"index" : "output_index"
},
"pivot": {
"group_by": {
"device_id": { "terms": { "field": "device_id.keyword" }}
},
"aggregations": {
"@timestamp": {
"max": {
"field": "@timestamp"
}
},
"latest_doc": {
"scripted_metric": {
"init_script": ...,
"map_script": ... }",
"combine_script": "return state",
"reduce_script": .... return last_doc (last_doc contains document from input_index)
}
}
}
}
这非常有效,但目的地索引中的所有字段都以"开头;latest_doc&";。有没有办法防止字段名前面加上这个latest_doc标签?
(否则,我必须为输入索引和输出索引使用不同的索引模板(
为任何想知道的人找到了一个变通方法:
添加了一个摄取管道:
PUT _ingest/pipeline/remove_trailing_
{
"processors": [{
"script": {
"source": """
for(item in ctx['latest_doc'].entrySet()) {
def f1 = 'latest_doc.' + item.getKey();
def f2 = item.getKey();
ctx[f2] = item.getValue();
}
ctx.remove('latest_doc');
"""
}
}
]
}