From my understanding, attributes is a map from the application.
If params goes into the body in the following query, would that be fully queryable?
What if attributes/params has a deeper map? I don’t use that myself, but I could imagine others would. As an example, I added last_login as an array. Maybe someone wants to search for all users on desktop who last logged in the past 1 week.
If params goes into the body in the following query, would that be fully queryable?
First, we need to define “fully queryable.” If you mean the ability to run analytics/aggregation queries, it won’t work. You will need to put the params in the attributes field to run term aggregations on the field attributes.params.last_login. This will allow you to retrieve all IDs. You will also be able to filter logs for a specific user ID with attributes.params.last_login:1234.
In your case, you probably want to put almost all your fields in the attributes fields like this: