question

Matthieu A. avatar image
Matthieu A. asked ·

Issue with Elasticsearch - how to index values under the field "userActions" ?

Hello,

We are using the feature "User session export" in Dynatrace to send all the sessions in an Elasticsearch database. I have applied the sample mapping provided by Dynatrace to create the index but I have a problem : it is not possible to index the values (in Kibana) under the field "userActions" because the type of this field is an array. The error/warning message is the following in Kibana : "Objects in arrays are not well supported" :

Is there a solution (an another mapping file for Elasticsearch?) which permit to index the values contained in this field ? I'm not a guru with Elasticsearch, if experts are in the place... ;-)

Thanks in advance,
Regards,
Matthieu.

dynatrace saasuser session monitoringuser actions
es-dynatrace.png (25.8 KiB)
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Matthieu A. avatar image
Matthieu A. answered ·

Hi Alonso, Thank you for your answer.

I thought about this solution but the problem is that a plugin must evolve with the Kibana version. In addition, version 6.4.1 of Kibana is not yet supported (last release for v6.3.2): https://ppadovani.github.io/knql_plugin/installati...

An another plugin exists but the latest compatible release is also for v6.3.2 : https://github.com/istresearch/kibana-object-format

Is the use of a plugin the only solution to this problem ?

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Alonso F. avatar image
Alonso F. answered ·

Hi Matthieu,

This is a problem related to the way Kibana handles nested queries. To solve this issue, you may want to take a look at this plugin https://github.com/ppadovani/KibanaNestedSupportPlugin.

Regards

Alonso

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Matthieu A. avatar image
Matthieu A. answered ·

I forgot to mention that we use the latest version of Kibana and Elasticsearch (6.4.1)

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.