Skip to content

Instantly share code, notes, and snippets.

@djptek

djptek/Modeling_Granular_Fields_Parse_Display_Name_to_Major_Minor_Bugfix.painless

Last active July 5, 2019 08:15
Show Gist options
  • Save djptek/28a0ccb8ce1b72ce1ae84c73f1b30f8d to your computer and use it in GitHub Desktop.
Save djptek/28a0ccb8ce1b72ce1ae84c73f1b30f8d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Modeling_Granular_Fields_Parse_Display_Name_to_Major_Minor_Bugfix.painless
# (updated 2019/07/05 thanks @pmusa)
###########
GET _ingest/processor/grok
POST _ingest/pipeline/_simulate
{
"pipeline": {
"description": "parse major.minor.patch to sub-fields",
"processors": [
{
"grok": {
"field": "version.display_name",
"patterns": [
"%{INT:version.major:int}.%{INT:version.minor:int}.%{INT:version.bugfix:int}"
]
}
}
]
},
"docs": [
{
"_source": {
"version": {
"display_name": "6.2.1"
}
}
}
]
}
###########
@pmusa
Copy link

pmusa commented Jul 4, 2019

You could just do %{INT:version.major:int} and drop the converts.
https://www.elastic.co/guide/en/elasticsearch/reference/current/grok-processor.html#grok-basics

@djptek
Copy link
Author

djptek commented Jul 5, 2019

Thanks @pmusa - grok added quotes to the source (even though it is INT)

with convert

"_source" : {
          "version" : {
            "major" : 6,
            "minor" : 2,
            "display_name" : "6.2.1",
            "bugfix" : 1
          }
        }

without convert

"_source" : {
          "version" : {
            "major" : "6",
            "minor" : "2",
            "display_name" : "6.2.1",
            "bugfix" : "1"
          }
        }

so I agree that would work if there is an existing mapping + coercion

e.g.

PUT test_pipe
{
  "mappings": {
    "properties": {
      "version": {
        "properties": {
          "bugfix": {
            "type": "byte"
          },
          "display_name": {
            "type": "keyword"
          },
          "major": {
            "type": "byte"
          },
          "minor": {
            "type": "byte"
          }
        }
      }
    }
  }
}

@pmusa
Copy link

pmusa commented Jul 5, 2019

I think you missed the :int on the right-hand side. Notice in the example below that while 2 and 1 are strings 6 is a number.

POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "parse major.minor.patch to sub-fields",
    "processors": [
      {
        "grok": {
          "field": "version.display_name",
          "patterns": [
            "%{INT:version.major:int}.%{INT:version.minor}.%{INT:version.bugfix}"
          ]
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "version": {
          "display_name": "6.2.1"
        }
      }
    }
  ]
}

@djptek
Copy link
Author

djptek commented Jul 5, 2019

@pmusa now I see! Thanks, I'll update the example above

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment