I am struggling with an issue, that my if condition is completely ignored by logstash.
It is nothing complicated, but yet I can't see my tags added to the event.
if [records][properties][resourceDisplayName] =~ /Windows Azure Active Directory/ {
mutate {
remove_tag => [ "Windows" ]
add_tag => [ "Azure" ]
}
}
if [records][properties][resourceDisplayName] =~ /Outlook/ {
mutate {
remove_tag => [ "Windows" ]
add_tag => [ "Outlook" ]
}
}
Tags "Azure" and "Outlook" are not added at all and tag "Windows" is still available.
I have tried also like this:
if "Outlook" in [records][properties][resourceDisplayName] {
do something
}
and this
if [records][properties][resourceDisplayName] == "Outlook" {
do something
}
But it didn't work either.
What am I doing wrong?
It turned out it was an array.
This worked for me.
if [records][0][properties][resourceDisplayName]
Related
I'm using the mongoid 6.1.0 aggregation framework in my Rails 5 project. I need to add a $match pipeline if the value of a search field (text or select field) is not empty. Otherwise, it should be ignored and don't filter results. Something like:
#messages = Message.collection.aggregate([
{ '$match' => {'month': {'$gte' => #fr_mnth, '$lte' => #to_mnth}}},
{ '$group' => {'_id': '$mmsi'} },
{ '$lookup' => {'from': 'ships', 'localField': "_id", 'foreignField': "mmsi", as: "ship"}},
{ '$match' => {"ship.n2": params[:n2] if !params[:n2].blank? }}
]).allow_disk_use(true)
or to be more clear:
if not params[:n2].blank? { '$match' => {"ship.n2": params[:n2] }}
The problem is that if !params[:n2].blank? cannot be included in the aggregation framework. Is there any other alternative solution?
I don't know ruby, but maybe I understand your problem.
Pseudo-code
# DON'T DO SO! SEE UPDATE BELOW
if your_condition is true:
filter = { field: 'some value' }
else:
filter = { # always true condition
$or: [
{ field: { $exists: true } },
{ field: { $exists: false } }
]
}
Message.collection.aggregate([
# ...
{
"$match": filter
}
])
UPDATE:
As Aboozar Rajabi noted, if condition is true then we can just add $match stage to pipeline:
pipeline = [
# stages
];
if condition is true:
pipeline.push({
$match: {
# filter
}
});
The above pseudo-code (Kan A's answer) is translated to Ruby and Mongoid aggregation framework as its syntax might be a bit confusing and there're a few Mongoid aggregation examples online:
if not params[:field].blank?
filter = { "db_field_name": params[:field] }
else
filter = {
'$or' => [
{ "db_field_name" => { '$exists' => true } },
{ "db_field_name" => { '$exists' => false } }
]
}
end
I hope it would help the others who will see this page later. Also, this solution and the code in the question would be an example of using MongoDB aggregation framework in a Rails or Ruby project.
I have following two array of hashes. I am trying to remove the record from doctor array hash whose doctor_patient_id doesnt not exist in doctor_patient_id array of patient_and_doctor array of hash.
doctor = [
{ :doctor_patient_id=>"abc",
:doctor_id=>"d1"
},
{ :doctor_patient_id=>"def",
:doctor_id=>"d2"
},
{ :doctor_patient_id=>"ghi",
:doctor_id=>"d3"
}
]
patient_and_doctor = [
{ :patient_id=>"11e8f37477ab7028a66b210b9699def9",
:doctor_patient_id=>[ "def", "zkj", "cps" ]
},
{ :patient_id=>"11e8f37481fabfe68630f5da2e22dceb",
:doctor_patient_id=>[ "uio", "ghi", "jkk" ]
}
]
expected output is:
doctor = [
{ :doctor_patient_id=>"def",
:doctor_id=>”d2”
},
{ :doctor_patient_id=>"ghi",
:doctor_id=>”d3”
}
]
I tried to do something like below but no luck,
patient_and_doctor.each do |dp|
data = doctor.map {|d| d[:doctor_patient_id].include?
dp[:doctor_patient_id] }
end
How can i achieve this?
valid_ids = patient_and_doctor.flat_map { |h| h[:doctor_patient_id] }
# => ["def", "zkj", "cps", "uio", "ghi", "jkk"]
doctor.select { |h| valid_ids.include? h[:doctor_patient_id] }
# => [{:doctor_patient_id=>"def", :doctor_id=>"d2"},
# {:doctor_patient_id=>"ghi", :doctor_id=>"d3"}]
use select! instead of select if you wish to mutate your doctor array instead of returning a new one.
Following can get required answer,
doctor.select { |x| patient_and_doctor.map { |x| x[:doctor_patient_id] }.flatten.include?(x[:doctor_patient_id]) }
I'm trying to make a "not simple" query using ActiveRecord:
ChatRoom.first.as_json(include: {
chat_room_members: {
include:{
user: {
include: [
hero_page: {
only: [:torch_id]
},
card: {
only: [:crop_y]
}
]
}
}}})
In the model, a ChatRoom has many ChatRoomMembers, that has an User, that has a HeroPage and a Card.
The problem is that ActiveRecord completely ignores the argument card. More specifically, ignores the all arguments after the first argument inside user: include{}:
{
"id" =>22,
"chat_room_members" => [
{
"id" =>7,
"user" => {
"id" =>22,
"hero_page" => {
"torch_id" =>"superhero23"
},
}
}
]
}
But if I remove the only argument from either hero_page or card, ActiveRecord show everything fine. Exemple:
[...]
include: [
hero_page: {
only: [:torch_id]
},
:card
]
[...]
Other weird fact is that I can type anything (respecting syntax) in the second argument and in causes no error. Example:
[...]
include: [
hero_page: {
only: [:torch_id]
},
this: {
only: [:doesnt, :cause, :error]
}
]
[...]
Just like in the first example, shows only hero_page and ignore the other parameter, this, that doesn't even exists.
Does someone know why the second argument is ignored in those cases??
user.include needs to be hash not an Array as you have done currently.
I need to convert the following hash:
{
"item[0][size]" => "12",
"item[0][count]" => "1"
}
to this:
{
"item": {
"0": {
"size": "12",
"count": "1"
}
}
}
Could you please advice on how to achieve that most gracefully? Maybe I can reuse some ActionPack's utility method that is used for parsing parameter strings?
You can reuse a rack lib method Rack::Utils.parse_nested_query
require "rack"
def p p
Rack::Utils.parse_nested_query(p)
end
p 'item[0][size]=12' # => {"item"=>{"0"=>{"size"=>"12"}}}
Found here.
After some research I found a way to parse nested query keys using http://apidock.com/rails/Rack/Utils/parse_nested_query:
Rack::Utils.parse_nested_query('item[0][size]')
=> {
"item" => {
"0" => {
"size" => nil
}
}
}
So it's now possible to do:
items_string = item_hash.to_a.map { |row| row.join('=') }.join('&')
result = Rack::Utils.parse_nested_query(items_string)
=> {
"item" => {
"0" => {
"size" => "12",
"count" => "1"
}
}
}
I tried follow the elasticsearch doc to execute my elasticsearch with a filter but couldn't do that.
Here is my example:
class Post
def as_indexed_json(options={})
self.as_json(
only: [ :id, :title, :published ],
filter: {
bool: {
should: {
term: { published: true }
}
}
}
)
end
end
Do you guys tried this before?
Can someone give me a hand on that?
Cheers
Not so sure, but it seems to me that you have an ES syntactic error.
Could you please past the JSon sent through the ES request?
I guess that your JSon should look like this:
{
"filter": {
"bool": {
"should": [
{
"term": {
"published": true
}
}
]
}
}
}
But you send this:
{
"only" : [ "valueForId", "valueForTitle", "isPublished" ],
"filter": {
"bool": {
"should": [
{
"term": {
"published": true
}
}
]
}
}
}
Note: to more accurate answers regarding ES, inform the version of the tools you are using (ES 1.0.1 for example) and the data (the content of the JSon) sent to the ES Server, because ES had a quite important syntactic change in the past months and sometimes it is hard to figure out what your class is doing or what you have in your params (:id, :title ...).