How to create scripted(String + painless) field in Kibana?

vikas_gopal · June 20, 2017, 12:13pm

Hi Kibana Experts,

I got a very simple requirement I need to achieve following
> if(doc["logSourceGroup"].value =="Palo Alto Firewall Group" OR doc["logSourceGroup"].value =="ASA Firewall"){return "Firewall";}
> else if (doc["logSourceGroup"].value =="Windows Server" OR doc["logSourceGroup"].value =="Linux Server"; ){return "OS";}

with above in Kibana I am getting an error that says Cannot support OR . Can someone provide some guidance what is the correct syntax to use multiple values with OR in ifelse statement .

Regards
VG

vikas_gopal · June 20, 2017, 12:22pm

I tried following as per documents
if (doc["logSourceGroup"].value =="Windows Server" || doc["logSourceGroup"].value == "Linux Server";){return "OS";}

With above Kibana throws an error

raghvendra · June 20, 2017, 12:27pm

Instead of -> " (double quote ) use --> ' (single quote) . It should help you.

vikas_gopal · June 20, 2017, 12:35pm

Thankyou Singh,

I tried removing double quote with single but no luck .
Actually problem was with extra ; I removed it and now it is working . So here is the actual syntax .

if (doc["logSourceGroup"].value == 'Windows Server' || doc["logSourceGroup"].value == 'Linux Server' || doc["logSourceGroup"].value == 'PCI-Devices'){return "OS";} else if(doc["logSourceGroup"].value == 'Palo Alto Firewall Group' || doc["logSourceGroup"].value == 'ASA Firewall'){return "Firewall";}

Hope it will help someone .

Cheers
VG

system · July 18, 2017, 12:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.