Hello,
I am trying to group an array of objects by tags.
With all the tests I did, it either selects nothing or it selects all the objects.
The document looks something like:
{
  "@hostname": "argon",
  "@timestamp": "2019-04-10T10:41:50.158Z",
  "netdev": [
    {
      "@iface": "virbr0-nic",
      "@state": "down"
    },
    {
      "@iface": "enp3s0",
      "@state": "up",
      "recv_bytes": 1318.0,
      "recv_multicast": 3.0,
      "recv_packets": 15.0,
      "trans_bytes": 2964.0,
      "trans_packets": 12.0
    },
    {
      "@iface": "lo",
      "@state": "unknown",
      "recv_bytes": 4911.0,
      "recv_packets": 21.0,
      "trans_bytes": 4911.0,
      "trans_packets": 21.0
    },
    {
      "@iface": "virbr0",
      "@state": "down"
    }
  ]
}
The group tags fields are:
tags query:
{"find": "terms", "field": "netdev.@state"}
tags value query:
{"find": "terms", "field": "netdev.@iface", "query":"netdev.@state:$tag"}
As you can see in the screenshot, this query selects all the interfaces.
Is it supported, or did I make a mistake on the query line?