Finding message length

This is giving a runtime error. Please advise.

GET logstash-2022.01.25/_doc/_search
{
  "query": {
    "match_all": {}
  },
  "script_fields": {
    "log_size": {
      "script": {
        "lang": "painless",
        "source": "doc['message.keyword'].value.length()"
      }
    }
  }
}

Please share the exception you are receiving. Also specify the Elasticsearch version you are using as well as the mapping. Is message.keyword a mapped field? I'd doubt that, but I would like to verify.

Hi, I modified the query a bit and this seems to be working. Now, please help with summing the content length of the messages.

And to answer your question: yes, message is a mapped field within the logstash-* indices (a dynamically mapped field (mf) created by fluentd; other mfs include kubernetes_namespace, kubernetes_container_name, kubernetes_pod_name, etc.).

GET myIndex/_search
{
  "query": {
    "exists": {
      "field": "message"
    }
  },
  "script_fields": {
    "log_size": {
      "script": {
        "lang": "painless",
        "inline": "double sum = 0.0; for (item in doc['pid']) { sum += item.doc['message.keyword'].value.length(); } return sum;"
      }
    }
  }
}

This is working!

GET logstash-2022.01.18/_search?size=0
{
  "query": {
    "exists": {
      "field": "message.keyword"
    }
  },
  "aggs": {
    "msgsize": {
      "sum": {
        "script": {
          "lang": "painless",
          "source": "doc['message.keyword'].value.length()"
        }
      }
    }
  }
}

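An added example (not part of the thread, and not Elastic's code) that models in Python what the final `sum` aggregation counts, so the result can be compared with the real message volume. The sample documents and function names are constructed; `IGNORE_ABOVE = 256` is the Elasticsearch default for the keyword sub-field of dynamically mapped strings and is an assumption about this index, since the mapping was not posted.

```python
# Local model of: exists(message.keyword) + sum(doc['message.keyword'].value.length())
# No cluster needed; all documents below are constructed sample data.

IGNORE_ABOVE = 256  # assumption: default limit on the dynamically mapped keyword sub-field


def utf16_units(s):
    """Painless String.length() is Java's: it counts UTF-16 code units, not bytes."""
    return len(s.encode("utf-16-le")) // 2


def keyword_value(doc):
    """Value visible as doc['message.keyword'], or None when nothing was indexed."""
    msg = doc.get("message")
    if msg is None or utf16_units(msg) > IGNORE_ABOVE:
        return None  # over-long strings are dropped from the keyword field
    return msg


def scripted_sum(docs):
    """What the aggregation in the thread returns for these documents."""
    values = (keyword_value(d) for d in docs)
    return sum(utf16_units(v) for v in values if v is not None)


def source_bytes(docs):
    """UTF-8 size of every message that is actually present in _source."""
    return sum(len(d["message"].encode("utf-8")) for d in docs if "message" in d)


def skipped(docs):
    """Documents that have a message but are invisible to the aggregation."""
    return sum(1 for d in docs if "message" in d and keyword_value(d) is None)


SAMPLE = [  # constructed log documents
    {"message": "GET /healthz 200"},                 # 16 chars, 16 bytes
    {"message": "usu\u00e1rio n\u00e3o encontrado"},  # 22 chars, 24 UTF-8 bytes
    {"message": "x" * 300},                          # longer than IGNORE_ABOVE
    {"kubernetes_pod_name": "web-0"},                # no message field at all
]

if __name__ == "__main__":
    print("aggregation result:", scripted_sum(SAMPLE))
    print("actual UTF-8 bytes:", source_bytes(SAMPLE))
    print("messages skipped:  ", skipped(SAMPLE))
```

If the index uses such a limit, comparing the `exists` hit count on `message` with the one on `message.keyword` shows how many documents the sum leaves out.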