Kibana kibana script field indexof

Elastic Stack Kibana
1

Hello

If we now have two field: "event_data.Binary" and "Binary1".

We want set a script field to get a word position from the field.

We set the script field:

language:painless

type:number

script: doc['event_data.Binary.keyword'].value.indexOf(doc['Binary1.keyword'])

We will get the error:Courier Fetch: 10 of 15 shards failed.

How could we set the script?

The type of these filed are string.

2

you are missing .value on your second field

doc['event_data.Binary.keyword'].value.indexOf(doc['Binary1.keyword'].value)

3

hello ppisljar

I set the script and kibana always show "Courier Fetch: 10 of 15 shards failed."

Kibana also have no data showing.

Is there any other issue?

And I have another question.

Could we set the script condition only for Specified event?

For example,if the event message is "hello" only can use this script.

I don't want all field to use this script.

Thanks

here is the picture:

未命名
未命名.png1712×563 21.6 KB

未命名
未命名.png1719×803 61 KB

4

there are plenty of things that could go wrong ...

first, its good to check if the fields exist with doc.containsKey('fieldName')

if (doc.containsKey('event_data.Binary.keyword') && doc.containsKey('Binary1.keyword')) {
 return doc['event_data.Binary.keyword'].value.indexOf(doc['Binary1.keyword'].value);
} else {
 return 0;
}

maybe its better if we talk about how to debug your scripts ....

  • create a visualization, that will throw the error
  • open spy panel, go to the request tab
  • copy request to clipboard
  • go to Dev Tools app (in the menu on the left where Visualize and Dashbord are)
  • write in GET _search in the first line and below it paste your JSON request you copied
  • click on play icon ... in the response on the right you should get more info about what went wrong

however if shards are failing you might not get anything back ...
then you should look at your elasticsearch log and see why the shards failed.

5

Hello ppisljar

Now I change the out form to avoid this issue.

The output is "AAAAA_BB".

How can I set the script field to get two fields that the content of these two field are AAAAA and BB ?

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.