Recently I tried to create three scripted fields in Kibana 6.2.2. They all try to get a string, using regex matching, from the same specific document field. Only the first scripted field gets a match, and although I have used the same logic in the other two, they always return "no match".
Below is an example of the field from which I want to get the matches:
The second and third fields are looking for the REGEX CPC_APMAC_.+. and CPC_APNAME_.+. but the matches that you are trying to find do not have any . in their values. Try just matching for CPC_APMAC_ and CPC_APNAME_ in the REGEX.
Thank you for your answer. I have tried your suggestion. But I did not get the expected result. The opennac_tags_on field is an array (the developer informed me), so I believe matching is only happening with the string of the first element of the array. Do you have any guidance on how to iterate through the array using the Painless language?
I've managed to get the information into the scripted fields by using the Painless language. Below I share the solution, using a for loop in each scripted field to get the information from the array:
Field sc-apip:
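    // Check every element of the array, not only the first one.
    for (int i = 0; i < doc['opennac_tags_on.keyword'].length; i++) {
        // [.] matches a literal dot between octets; a bare . would accept any character.
        def m = /(CPC_APIP_(?:[0-9]{1,3}[.]){3}[0-9]{1,3})/.matcher(doc['opennac_tags_on.keyword'][i]);
        // matches() succeeds only when the whole element matches the pattern.
        if (m.matches()) {
            return m.group(1);
        }
    }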
Field sc-apmac:
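    // Check every element of the array, not only the first one.
    for (int i = 0; i < doc['opennac_tags_on.keyword'].length; i++) {
        // A MAC address written as 12 hex digits without separators.
        def n = /(CPC_APMAC_[0-9a-fA-F]{12})/.matcher(doc['opennac_tags_on.keyword'][i]);
        if (n.matches()) {
            return n.group(1);
        }
    }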
Field sc-apname:
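    // Check every element of the array, not only the first one.
    for (int i = 0; i < doc['opennac_tags_on.keyword'].length; i++) {
        // The prefix followed by at least one character (.+ is equivalent to the original .+.*).
        def n = /(CPC_APNAME_.+)/.matcher(doc['opennac_tags_on.keyword'][i]);
        if (n.matches()) {
            return n.group(1);
        }
    }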
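The following is an added example, not part of the thread: a Python model of the three scripted fields, with `re.fullmatch` standing in for Painless `Matcher.matches()`. It compares testing only the first array element (the behaviour suspected in the thread) with looping over all elements, and shows what an unescaped `.` in the IP pattern lets through. The function names and the sample tag values are constructed for illustration.

```python
import re

# Patterns from the thread; the IP pattern uses [.] so only a literal dot separates octets.
PATTERNS = {
    "sc-apip": re.compile(r"CPC_APIP_(?:[0-9]{1,3}[.]){3}[0-9]{1,3}"),
    "sc-apmac": re.compile(r"CPC_APMAC_[0-9a-fA-F]{12}"),
    "sc-apname": re.compile(r"CPC_APNAME_.+"),
}
# Same IP pattern with a bare '.', which matches any character.
LOOSE_IP = re.compile(r"CPC_APIP_(?:[0-9]{1,3}.){3}[0-9]{1,3}")

# Constructed sample value for opennac_tags_on (not taken from the thread).
SAMPLE_TAGS = [
    "CPC_APIP_10.20.30.40",
    "CPC_APMAC_0A1B2C3D4E5F",
    "CPC_APNAME_AP-Floor2",
]


def extract_first_only(tags, field):
    """Test only tags[0]: the behaviour suspected of the original scripts."""
    if tags and PATTERNS[field].fullmatch(tags[0]):
        return tags[0]
    return "no match"


def extract_any(tags, field):
    """Loop over every element, as in the posted solution."""
    for tag in tags:
        # fullmatch requires the whole element to match, like Matcher.matches().
        if PATTERNS[field].fullmatch(tag):
            return tag
    return "no match"


def report(tags):
    """Return {field: (first_only_result, loop_result)} for all three fields."""
    return {f: (extract_first_only(tags, f), extract_any(tags, f)) for f in PATTERNS}


if __name__ == "__main__":
    for field, (first, looped) in report(SAMPLE_TAGS).items():
        print(f"{field}: first-only={first!r} loop={looped!r}")
    bad = "CPC_APIP_10x20x30x40"  # constructed malformed tag
    print("loose accepts malformed:", bool(LOOSE_IP.fullmatch(bad)))
    print("strict accepts malformed:", bool(PATTERNS["sc-apip"].fullmatch(bad)))
```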