I’m using the Elasticsearch node, and I haven’t found a way to set the “_source” attribute. It seems to be ignored in the “query” parameter of the Elasticsearch node.
What is the error message (if any)?
I don’t want all the columns returned, for the sake of saving resources.
I’ve tried to filter the “_source” attribute to make use of the “Simplify” functionality. To no use.
My other strategy was to use the “fields” attribute to get only the “@timestamp” value, as follows, without using the simplify option:
It does work, but since all the other fields are being returned on the “_source” attribute, even when I set “_source” to false, it defeats the purpose of saving resources.
As far as I can tell, the query parameter on the Elasticsearch node ignores the “_source” parameter, so I can’t find a way to return, say, only the “@timestamp” column. Instead I always get all the columns on the “_source”.
What’s the recommended way to get only the needed columns and avoid unnecessary resources usage?
Ok, it turns out the ‘Source Excludes’ and ‘Source Includes’ parameters are only listed as “document: get” parameters, but not as “document: getAll” parameters on source:
Tried adding them as “document: getAll” parameters on a fork and it worked flawlesly. I’m working on a PR right now.
Thank you so much for your contribution here @miguel-mconf! We have a bit of a backlog at the moment I am afraid, but I know @Jon and the team are working hard on getting through this.