Team ,
am using version "number": "7.5.1" of ES.
below is the 1 row out put of my table.(added only necessary one)
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "jobhookwithtrace",
"_type" : "_doc",
"_id" : "268938063510",
"_score" : 1.0,
"_source" : {
"ref" : "feature-286-workday",
"tag" : false,
"sha" : "deb851cf454914011bcca76c4547ed5607f1cd19",
"user" : {
"id" : "7396",
"name" : "Jeebu - mycompany Team",
"email" : "Jeebu@mycompanyteam.com"
},
"buildLog" : "Unable to get job trace",
"object_kind" : "build",
"before_sha" : "acc7940f8cdfc7f51874d47b247fe928e54ce5bd",
"build_id" : 8063510,
}
}
]
}
}
The "buildLog" field holds the log from certain application .
recently we found abnormally large text is been pushed to the [buildLog] field.
am writting a query to find those buildLog rows whose length is more than 4194304
i tried with api
{
"filter": {
"script": {
"script": {
"lang": "painless",
"source": "doc['buildLog'].size() == 4194304"
}
}
}
}
but this seems not working.
i even tried with sql query but count succeed
POST /_sql?format=txt
{
"query": "SELECT build_id FROM tbl WHERE LENGTH(buildLog) > 4194304",
"fetch_size": 10000
}
can you guide a better way.
Thanks
jeebu