Hi,
There are documents with content "..............6; ResponseTime: 0ms; RequestHeaders: ............." I have a scripted field with painless script,
if(!doc['Message.keyword'].empty) {
def m = /^(.*?)(?=ResponseTime:)ResponseTime: (([0-9]*[.])?[0-9]+)ms;(.*)$/.matcher(doc['Message.keyword'].value);
if(m.matches()) {
return m.group(2)
} else {
return "no match"
}
} else {
return "empty doc"
}
I have tried m.find and m.lookingAt as well.
script for m.find
if(!doc['Message.keyword'].empty) {
def m = /ResponseTime: ([0-9]+)ms;/.matcher(doc['Message.keyword'].value);
if(m.find()) {
return m.group(1)
} else {
return "no match"
}
} else {
return "empty doc"
}
This is returning "empty doc". No way it should have returned "empty doc" as the docs are there with content. For any other value for regex like " invalid user:\s{1,}([a-zA-Z0-9]+)" works perfectly with the "invalid user: admin" content.
From other regex tools, I can see that the expression is correct.
Same is the case with this script as well.
if(!doc['Message.keyword'].empty) {
def m = /^\s{0,}Payload xml is\s{0,}(.*)$/.matcher(doc['Message.keyword'].value);
if(m.matches()) {
return m.group(1)
} else {
return "no match"
}
} else {
return "no match"
}
Here is the Java program that works for same regex
Pattern p = Pattern.compile("ResponseTime: ([0-9]+)ms;");
Matcher m = p.matcher("dfgadgfhadgfhdfhgsjhfgjhdfhdsfgdhf ResponseTime: 0ms; dfbnbgngn sbdmf adf mansdfb nbdfm mfbnas");
boolean b = m.find();
if (b == true) {
System.out.println("Regex matched " + m.group(1));
} else {
System.out.println("Regex did not mactch");
}
System.out.println("Hello Java");
}
Output is "Regex matched 0
Hello Java"
Any help is appreciated.