Hi,
I am using ELK GA 5.0.0. I have manged to create a painless scripted field triggered in Kibana like;
doc['Action'].value == 'PostA' ? 1 : 0
I have some selective actions like Post404, Post200 etc. I cant say the exact names since it increases. What I want is, when my doc['Action'].value has values PostA, PostB,.. etc or GetA, GetB,.. etc, i want doc['Action'].value to be 1, else 0. How can I do this?
Thanks in advance..
Hey there, I think I have a solution for you... can you try create a scripted field like this:
['PostA', 'PostB', 'PostC'].contains(doc['Action'].value) ? 1 : 0
If you need something more dynamic than a concrete list, you could try using regionMatches to match anything containing a substring:
doc['Action''].value.regionMatches(true, 0, 'Post', 0, 4)
Let me know if this helps!
And I'm pretty sure we have your username trademarked, so expect a letter from our lawyers soon (just kidding!!!!). 
Thanks,
CJ
Hi @cjcenizal , I need a dynamic solution and in your second solution, I can see only 0, and there is no 1.
I have created the username without knowing that there is a service in that name. I am unable to change it my settings, it is disabled. 
Oops, I forgot to add the ternary:
doc['Action''].value.regionMatches(true, 0, 'Post', 0, 4) ? 1 : 0
Do you see what it's doing? It's checking to see if the substring "Post" is in the first four characters of the "Action" field value. You can also take a look at the docs I linked to see how regionMatches works. You could update this for any kind of substring value you're looking for.
I love your username! 
Please don't change it, I was only joking.
Thanks,
CJ
Thank you so much. so lemme keep this username.. 
@cjcenizal I have one doubt. I have created a scripted field like below;
if (doc['error'].value == 'NONE') {
return 0;
}else if (doc['error'].value == 'ERRX') {
return 0;
}
return 1;
The value is generated fine, but when I try to filter it + or - , I am getting compilation error in discover. Why is this happening?
Hmm. What's the name of the scripted field? Could you share the error with me?
Thanks,
CJ
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.