Painless forEach + Replace failing

ramiriskis · November 20, 2020, 4:05am

Hi guys,

I'm trying to write a script within watcher that applies a transform to each log before sending it through slack. My current script is like this:

        "script": {
          "source": """
                ctx.payload.hits.hits.forEach(hit -> hit._source.python_log_message = \a\.matcher(hit._source.python_log_message).replaceAll(''));
                return ctx.payload
                """,
          "lang": "painless"
        }

For some reason, it is erroring out, but i'm using the examples in the painless guide. Any reason why this would not work? It works perfectly if I, for example, do this:

        "script": {
          "source": """
                ctx.payload.hits.hits.forEach(hit -> hit._source.python_log_message =  'hello');
                return ctx.payload
                """,
          "lang": "painless"
        }

matw · November 20, 2020, 4:43am

Hi

Did you enable Regular expressions by using script.painless.regex.enabled: true in your elasticsearch.yml?

Best,
Matthias

ramiriskis · November 20, 2020, 7:03pm

Thanks, that worked! It would probably be a good feature to warn the user that the reason why regex operators are not working is because of disabled configs, not syntax errors.

system · December 18, 2020, 7:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.