I coded a scripted field named "unique_log_message__" as show below. The whole purpose of such field is to show a unique version of some other field named "LogMessage.keyword". And to get into a unique value, I simply replace possible numbers in the LogMessage with "-".
The super confusing thing that I am facing is that unique_log_message__ retuns as "no logmessage" and that must be because doc['LogMessage.keyword'].size() == 0 when LogMessage.keyword field is present and has a long string as show in below sample.
Please help, I spent hours and hours on this without any luck. I highly appreciate your support on this ....
if (doc['LogMessage.keyword'].size() == 0) {
return "no logmessage"
} else if (!doc['LogMessage.keyword'].empty && doc['LogMessage.keyword'].value != null) {
return /\d+/.matcher(doc['LogMessage.keyword'].value).replaceAll('-');
} else {
return "hello ......";
}
{
"_index": "hello-app-logs-2023.03.28",
"id": "qVtGJocBjbefA30AL3An",
"version": 1,
"score": null,
"source": {
"Logtime": "2023.03.28 03:32:22 635 +0000",
"AppName": "HelloApp",
"LogLevel": "I",
"LogHost": "hello-app-2",
"TraceId": "",
"SpanId": "",
"LogMessage": " Hello Server Time=1679974342633, HelloInterval=20 , from Hello server=clientId [hello-app-2@hello-server-0.hello-server-svc-headless.default.svc.cluster.local@30000] status [active] started [1679836922931] name [hello-server-0] [com.hello.impl.Hello@1c8da478]",
"log_file": "/var/log/pods/default_hello-app-2_41d274f8-3b84-4eb7-95a3-bdc7fb2cd3a2/hello/0.log",
"@datetime": "2023-03-28T03:32:25Z",
"nspHost": "1.1.1.1"
},
"fields": {
**"unique_log_message": [**
** "no logmessage"**
** ],**
"@datetime": [
"2023-03-28T03:32:25.000Z"
],
"app_name_and_unique_short_log_message": [
"stupidme"
]
},
"highlight": {
"AppName.keyword": [
"@opensearch-dashboards-highlighted-field@HelloApp@/opensearch-dashboards-highlighted-field@"
]
},
"sort": [
1679974345000
]
}
Thanks
)
Not a document field anyway.