I got this transform for a watcher, and it's failing at the "grok" point:
"transform": {
"script": {
"source": """
def finalMessage = "A new workset has been created in a Revit model. \\n\\n";
for (def i = 0; i < ctx.payload.hits.hits.length; i++) {
def msg = ctx.payload.hits.hits[i]._source["message"];
def user = ctx.payload.hits.hits[i]._source["user.name"];
def fName = ctx.payload.hits.hits[i]._source["file.name"];
String wName = grok('Do you want to make the %{GREEDYDATA:name} workset the active workset?').extract(msg).name;
finalMessage += "The user " + user + " created a new workset named " + wName + " in model " + fName;
}
return ["message" : finalMessage];
""",
"lang": "painless"
}
}
Can grok patterns be used inside of painless scripts in watchers? I know I can use them in Runtime Fields.
I don't think grok is allowed in a painless script, but painless does support regex, and my hunch is based upon your use case you'd be able to achieve the same thing. Here's the relevant documentation: painless regex docs
@Wave Andrew, well, I was able to use grok in a painless script when creating Runtime Fields, but it just didn't seem to work here. That's fine, as I can use Regex instead. It's just seemed easier to use grok in this case. Thank you for the answer. I will accept it.
@ksobon You are right that grok CAN be used in a painless script. I didn't know that. I did some more digging and it looks like grok can be used in runtime fields, just like you say at the top in your original question. I bet what is happening is that since watcher is doing that as a "transform" instead of a "runtime" field that is why it doesn't work. https://www.elastic.co/guide/en/elasticsearch/reference/current/grok.html#grok-patterns-runtime
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.