Hi,
Is there a way to use multiple conditions in a stream filter?
I tried :
transform": {
"script": {
"source": """
def docs = [];
def removes=ctx.payload.aggregations.event_types.buckets.remove.users.buckets.stream().map(p -> p.key).collect(Collectors.toList());
def logins=ctx.payload.aggregations.event_types.buckets.login.users.buckets.stream().map(p -> p.key).collect(Collectors.toList());
def hits = ctx.payload.aggregations.event_types.buckets.add.users.buckets;
for (hit in hits){
def document = [
'@timestamp':ctx.execution_time,
'origin host': ctx.payload.aggregations.event_types.buckets.add.users.buckets.stream().map(o -> o.host.ip).filter(o -> removes.contains(o)).filter(o -> logins.contains(o)).toArray(),
'usernames' : ctx.payload.aggregations.event_types.buckets.add.users.buckets.stream().map(u -> u.key).filter(u -> removes.contains(u)).filter(u -> logins.contains(u)).toArray()
];
docs.add(document);
}
return ['_doc':docs];
""",
"lang": "painless"
}
But I got :
"transform" : {
"type" : "script",
"status" : "failure",
"reason" : "runtime error",
"error" : {
"root_cause" : [
{
"type" : "script_exception",
"reason" : "runtime error",
"script_stack" : [
"o -> o.host.ip).filter(",
" ^---- HERE"
],