CDominik - 2 months ago
JSON Question

How to convert the Elasticsearch JSON output into a table?

I'm using the Head plugin for Elasticsearch for running queries.
I want to convert the output of the query into a table.

The part that I need is just the "hits" object array,
where the columns are the fields that I have specified in the query:
"http.date", "src_shift", "@timestamp", "src_tz".

Is there any tool or plugin to do that?

Below is a brief output of the query:

"took": 2418,
"timed_out": false,
"_shards": {
    "total": 3503,
    "successful": 3503,
    "failed": 0
},
"hits": {
    "total": 2524,
    "max_score": 9.194927,
    "hits": [
        {
            "_index": "$002555",
            "_type": "pcap",
            "_id": "AVAJJphp2MeWtoWCbQYG",
            "_score": 9.194927,
            "fields": {
                "src_shift": [1],
                "http.date": ["Fri, 12 Jun 2015 22:40:54 GMT"],
                "@timestamp": [1434147980397],
                "src_tz": ["Europe/Warsaw"]
            }
        },
        {
            "_index": "$002555",
            "_type": "pcap",
            "_id": "AVAJJphp2MeWtoWCbQYH",
            "_score": 9.194927,
            "fields": {
                "src_shift": [1],
                "http.date": ["Fri, 12 Jun 2015 22:40:54 GMT"],
                "@timestamp": [1434147980397],
                "src_tz": ["Europe/Warsaw"]
            }
        },
        ...

Val
Answer

In the head plugin, on your Any Request tab, you can use the Result Transformer section located just below the Query section. By default it returns the whole JSON response.

(screenshot: Result Transformer section)

You can modify that and massage the response to return whatever you want. In your case, if you replace the default "return root;" with the code below, you'll get what you want:

// Walk the hits array of the response and turn each hit into one line.
return root.hits.hits.map(function(hit) {
    var values = [];
    // Each entry in hit.fields is an array (fields can be multi-valued);
    // the columns come out in the iteration order of the fields object.
    for (var field in hit.fields) {
        values.push(hit.fields[field]);
    }
    // join() flattens the single-element arrays into their values.
    return values.join(",");
});

The output should be

1,"Fri, 12 Jun 2015 22:40:54 GMT",1434147980397,"Europe/Warsaw"
1,"Fri, 12 Jun 2015 22:40:54 GMT",1434147980397,"Europe/Warsaw"
...
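A worked variant of the transformation above, added here as an example and not part of the original question or answer: it fixes the column order to the field list from the query rather than relying on object key iteration order, and it quotes cells per RFC 4180 so that the comma inside an "http.date" value such as "Fri, 12 Jun 2015 22:40:54 GMT" does not split one column into two. The sample response, the helper names (csvCell, hitsToCsv) and the "; " separator for multi-valued fields are assumptions made for this example.

```javascript
// Added example (not from the original question or answer): turn the "hits"
// array of an Elasticsearch response into CSV rows with a fixed column order.
// The sample response below is constructed from the fragment in the question.
const sampleResponse = {
  took: 2418,
  timed_out: false,
  hits: {
    total: 2524,
    max_score: 9.194927,
    hits: [
      { _index: "$002555", _type: "pcap", _id: "AVAJJphp2MeWtoWCbQYG", _score: 9.194927,
        fields: { src_shift: [1], "http.date": ["Fri, 12 Jun 2015 22:40:54 GMT"],
                  "@timestamp": [1434147980397], src_tz: ["Europe/Warsaw"] } },
      { _index: "$002555", _type: "pcap", _id: "AVAJJphp2MeWtoWCbQYH", _score: 9.194927,
        fields: { src_shift: [1], "http.date": ["Fri, 12 Jun 2015 22:40:54 GMT"],
                  "@timestamp": [1434147980397], src_tz: ["Europe/Warsaw"] } },
    ],
  },
};

// Quote one CSV cell per RFC 4180: wrap in double quotes when the value
// contains a comma, a double quote or a line break, and double inner quotes.
function csvCell(value) {
  const s = value === null || value === undefined ? "" : String(value);
  return /[",\r\n]/.test(s) ? '"' + s.replace(/"/g, '""') + '"' : s;
}

// Build CSV lines from the hits. `columns` is the field list from the query,
// so the column order is fixed instead of depending on key iteration order.
// Each "fields" entry is an array (a field can be multi-valued); its values
// are joined with "; " inside one cell. A header row is emitted first.
function hitsToCsv(response, columns) {
  const rows = [columns.map(csvCell).join(",")];
  for (const hit of response.hits.hits) {
    const fields = hit.fields || {};
    const cells = columns.map((col) => {
      const v = fields[col];
      return csvCell(Array.isArray(v) ? v.join("; ") : v);
    });
    rows.push(cells.join(","));
  }
  return rows;
}

const columns = ["http.date", "src_shift", "@timestamp", "src_tz"];
console.log(hitsToCsv(sampleResponse, columns).join("\n"));
```

Inside the head plugin's Result Transformer the same functions can be pasted above a final `return hitsToCsv(root, columns);`, since the transformer exposes the response as `root`.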