I'm using Kibana v7.4.0 deployed via cloud.elastic.co.
I was trying to create a scripted field to match a specific field with a regex.
The field I'm working with is an analyzed string field containing a process's arguments:
def processArgs = doc['process.args'];
It contains something like:
{
  "_id": "DBYUvm0BRrdyTjK0i_EP",
  "process": {
    "args": [
      "/usr/share/metricbeat/bin/metricbeat",
      "-path.home",
      "/usr/share/metricbeat",
      "-path.config",
      "/etc/metricbeat",
      "-path.data",
      "/var/lib/metricbeat",
      "-path.logs",
      "/var/log/metricbeat",
      "run"
    ]
  }
}
However, in my script, when I try to access the first value of the array, I would normally do:
doc['process.args'][0]
Except it doesn't work! It returns the value of the second element of the array!
After some painful testing, the Painless interpreter seems to interpret array indexing as:
doc['process.args'][-2] -> last
doc['process.args'][-1] -> 1st element
doc['process.args'][0] -> 2nd element
doc['process.args'][1] -> 3rd element
doc['process.args'][doc['process.args'].length - 2] -> last element
etc.
And it loops around the (end - 2) index of the array.
What witchery is that?!