Hi
I think I have found an error, in the way Kibana/Scripted Fields handles arrays of objects. My example is this.
My ES Data:
{"@timestamp":"2021-02-28T22:59:38.786Z", "message":"ExclusionsDeparturesArrivalsExeption: Flights from CPH to ISB is not allowed.","additional":{"searchQuery":{"flights":[{"departure":"CPH","arrival":"ISB","departureDateTime":"30.03.2021 07:00:00"},{"departure":"ISB","arrival":"CPH","departureDateTime":"06.04.2021 07:00:00"}]}}}
{"@timestamp":"2021-02-28T22:59:42.761Z", "message":"ExclusionsDeparturesArrivalsExeption: Flights from CPH to RIX is not allowed.","additional":{"searchQuery":{"flights":[{"departure":"CPH","arrival":"RIX","departureDateTime":"04.03.2021 08:00:00"},{"departure":"RIX","arrival":"CPH","departureDateTime":"06.05.2021 07:00:00"}]}}}
If I create a scripted fields like this:
if (!doc.containsKey("additional.searchQuery.flights.departure") || doc["additional.searchQuery.flights.departure"].empty) {
return null;
}
def tmp = params._source["additional"].searchQuery.flights.get(0);
tmp.departure + "->" + tmp.arrival;
It will return the correct values.
"CPH->RIX"
"CPH->ISB"
The problem with this, is I cannot use it as a filter in a dashboard, because of params doesn't contain _source when used as filter.
If I do this instead, which in my world should give the same result:
if (!doc.containsKey("additional.searchQuery.flights.departure") || doc["additional.searchQuery.flights.departure"].empty) {
return null;
}
doc["additional.searchQuery.flights.departure"][0] + "->" + doc["additional.searchQuery.flights.arrival"][0]
I get this result:
"CPH->CPH"
"CPH->CPH"
If i use arrival[1] instead I get the correct result. That must be an error?
Another problem with this, is if i use it as a filter, I will still get results containing parts of the string from the scripted field. It doesn't make a keyword match, it is more like a text match.
Br
Casper