yaauie/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Useful for finding field names from large schemas:

╭─{ rye@perhaps:~/src/elastic/scratch/ecs-20240517 }
╰─○ ./flatten_elasticsearch_legacy_template.rb < "${ecs_source?:}/generated/elasticsearch/legacy/template.json" | grep -e '\bip\b'
client.ip
client.nat.ip
destination.ip
destination.nat.ip
host.ip
observer.ip
orchestrator.resource.ip
process.entry_leader.entry_meta.source.ip
related.ip
server.ip
server.nat.ip
source.ip
source.nat.ip
threat.enrichments.indicator.ip
threat.indicator.ip
[success]


## flatten_elasticsearch_legacy_template.rb
#!/usr/bin/env ruby
require 'json'

payload = JSON.load($stdin.read)

def each_node(map, prefix=[], &block)
  map["properties"]&.each do |name, spec|
    path = prefix + [name]
    yield path
    each_node(spec, path, &block)
  end
end

each_node(payload["mappings"]) do |path|
	puts path.join('.')
end
	#!/usr/bin/env ruby
	require 'json'

	payload = JSON.load($stdin.read)

	def each_node(map, prefix=[], &block)
	map["properties"]&.each do \|name, spec\|
	path = prefix + [name]
	yield path
	each_node(spec, path, &block)
	end
	end

	each_node(payload["mappings"]) do \|path\|
	puts path.join('.')
	end