Querying for values in an array with Elasticsearch datasource

Grafana Elasticsearch
, ,
1

  • What Grafana version and what operating system are you using? 9.4.2

  • What are you trying to achieve?

I have an Elasticsearch datasource with a nested field that when posting to Elasticsearch is an array of strings or empty (null).

The data view shows it like this:

image
image1966×662 49.1 KB

In Discover, I see it like this:

image
image1568×422 48.4 KB

In Grafana, I can see those records in a panel’s table:

image
image1412×666 22.8 KB

Now, how do I query in Grafana for records that have a particular array value?

When I do:

study_chain.study_ids:"[STUDY_FOO, STUDY_BAR]"

Nothing is returned.

When I do:

study_chain.study_ids:"["STUDY_FOO"]"

I get some results, but also those containing STUDY_BAR.

Adding .keyword does not work either, so when I do:

study_chain.study_ids.keyword:"STUDY_FOO"

it returns STUDY_BAR as well.

2

The answer is a combination of individual queries. E.g. to get those records where there is at least one match:

study_chain.study_ids.keyword:"STUDY_FOO"

… or where both must exist:

study_chain.study_ids.keyword:"STUDY_FOO" and study_chain.study_ids.keyword:"STUDY_BAR"

… or where the specific combination is not used:

NOT (study_chain.study_ids.keyword:"STUDY_FOO" AND study_chain.study_ids.keyword:"STUDY_BAR")