How can I extract a value from a JSON string column in an Elasticsearch index result by using Painless?

My question is really simple and unique. I am trying to get a value from a JSON string column in an Elasticsearch index.
How can I get "ClassName" from the data below?

My rows look like this:

{
  "ClassName": "System.InvalidOperationException",
  "Message": "Sequence contains no elements",
  "Data": null,
  "InnerException": null,
  "HelpURL": null,
  "StackTraceString": "  . . . . . 
}

My solution is:

GET slog-2019-08-11/_search
{
  "script_fields": {
    "data": {
      "script": {
        "lang":   "expression",
        "source": "doc['ClassName']",
        "params": {
          "markup": 0.2
        }
      }
    }
  }
}

But it returns an error:

{
  "error": {
    "root_cause": [
      {
        "type": "script_exception",
        "reason": "link error",
        "script_stack": [
          "doc['ClassName']",
          "     ^---- HERE"
        ],
        "script": "doc['ClassName']",
        "lang": "expression"
      }
    ],
    "type": "search_phase_execution_exception",
    "reason": "all shards failed",
    "phase": "query",
    "grouped": true,
    "failed_shards": [
      {
        "shard": 0,
        "index": "slog-2019-08-11",
        "node": "TBSUPCkhQ1aHX069zwT7Tg",
        "reason": {
          "type": "script_exception",
          "reason": "link error",
          "script_stack": [
            "doc['ClassName']",
            "     ^---- HERE"
          ],
          "script": "doc['ClassName']",
          "lang": "expression",
          "caused_by": {
            "type": "parse_exception",
            "reason": "Field [ClassName] does not exist in mappings"
          }
        }
      }
    ]
  },
  "status": 500
}

Can you try this?

GET slog-2019-08-11/_search
{
  "script_fields": {
    "data": {
      "script": {
        "lang":   "expression",
        "source": "doc['ClassName'].value", <-- add value 
        "params": {
          "markup": 0.2
        }
      }
    }
  }
}

{
"error": {
"root_cause": [
{
"type": "script_exception",
"reason": "link error",
"script_stack": [
"doc['ClassName'].value",
" ^---- HERE"
],
"script": "doc['ClassName'].value",
"lang": "expression"
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "slog-2019-08-14",
"node": "TBSUPCkhQ1aHX069zwT7Tg",
"reason": {
"type": "script_exception",
"reason": "link error",
"script_stack": [
"doc['ClassName'].value",
" ^---- HERE"
],
"script": "doc['ClassName'].value",
"lang": "expression",
"caused_by": {
"type": "parse_exception",
"reason": "Field [ClassName] does not exist in mappings"
}
}
}
]
},
"status": 500
}

I need a little more information: the error says that the field [ClassName] does not exist in the mappings. Can you share your mapping for this index?

Yes, sure! By the way, sorry for my late response:

{
"mapping": {
"logmessage": {
"properties": {
"additionalData": {
"properties": {
"data": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"method": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"url": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"caller": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"correlationId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"data": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"environment": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"headers": {
"properties": {
"key": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"value": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"logDate": {
"type": "date"
},
"logLevel": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"logSource": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"logType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"parentLogId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"processCost": {
"type": "float"
},
"responseStatusCode": {
"type": "long"
},
"urlMethod": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"urlPath": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"urlQueryString": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
