Log field from microservice app logs in Kibana on AWS

Praful · September 22, 2020, 7:55pm

I am searching for a string in the logs using scripted field in Kibana using the Painless code. My aim is find more details in the error/exception logs.

    try {
    if (doc.containsKey('log.keyword') && !doc['log.keyword'].empty) {
       	    if(doc['log.keyword'].value.contains('Error1')) {
    		return "E1";
    	}
    	if(doc['log.keyword'].value.contains('Error2')) {
    		return "E2";
    	}
    	if(doc['log.keyword'].value.contains('Error3')) {
    		return "E3";
    	}
    	return "No match!";
    }
       	return "No log keyword!";
    } catch (Exception ex) {
    	return "Got exception";
       }

But all I get is 'No match!' in most of the cases, or 'No log keyword'. Then to debug this, I wrote a simple scripted field:

    try {
        if (doc.containsKey('log.keyword') && !doc['log.keyword'].empty) {
        	return doc['log.keyword'].value;
        }
       	return "No log keyword!";
    } catch (Exception ex) {
    	return "Got exception";
    }

Here I noticed that if the log contains substring exception or Exception, the scripted field returns empty string, otherwise it returns the original log string. I am really baffled by this. Am I doing something obviously wrong?

Thanks

tsullivan · October 8, 2020, 4:36pm

I think .empty is supposed to be .value.isEmpty() no? As it is, !doc['log.keyword'].empty would alway be true.

system · November 5, 2020, 4:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.