Painless Script not giving desired output

PRASHANT_MEHTA · April 5, 2022, 9:48am

Hello,
I want to create an additional field in index having combined values of mount point
and hostname.
ex: /dev/run vxw001m001, / vas002m002 ....
when tried to create scripted field in index patter in kibana,getting below exception,tried to work around it but unable to get output.Any suggestion would be helpful

doc['system.filesystem.mount_point.keyword'].value + ' ' + doc['host.name'].value;

Caused by type

illegal_state_exception

Caused by reason

A document doesn't have a value for a field! Use doc[].size()==0 to check if a document is missing a field!

Did tried to check for null values and size,but not sure about exact query
@spinscale can you plz help in this?

Yazid_S · April 5, 2022, 11:24am

Are you sure that this field 'system.filesystem.mount_point.keyword' exists and has a value in every each document ?

PRASHANT_MEHTA · April 5, 2022, 11:29am

@Yazid_S Thanks for your quick response! Yes it exists.

Yazid_S · April 5, 2022, 11:32am

On your screenshot, it seems to be 'system.filesystem.mount_point' not 'system.filesystem.mount_point.keyword'

PRASHANT_MEHTA · April 5, 2022, 11:36am

Mybad,you are correct its system.filesystem.mount_point and it does has mising values,what is the right way to get the desired output?

Yazid_S · April 5, 2022, 11:39am

You just need to add an if statement on ' system.filesystem.mount_point' not null. Then you adapt your script and your output depending on if ' system.filesystem.mount_point' is null or not.

PRASHANT_MEHTA · April 5, 2022, 11:42am

Below is the image I'm trying to achive in kibana...need to dispaly only critical mount points above
80% usage...for this I'm unable to get hostname in visual due to limited scope of elastic aggregation in kibana.The data is coming from metricbeat.

Yazid_S · April 5, 2022, 11:46am

You should adapt your topic. Your original question is about an error on Painless Script. Do you still have the same problem ?

PRASHANT_MEHTA · April 5, 2022, 11:57am

I'm not sure how to make the exact script for this,still not getting the desired values.

if(doc['system.filesystem.mount_point'].value != null)
{
  return doc['system.filesystem.mount_point'].value + '  ' + doc['host.name'].value;    
}
else
{
    return "null"
}

Yazid_S · April 5, 2022, 12:03pm

You should also check that doc['host.name'] is not null.
Have you tried to replace doc['FieldName'] by params._source['FieldName'] ?

if(params._source['system.filesystem.mount_point'] != null && params._source['host.name'] != null)
{
  return params._source['system.filesystem.mount_point'] + '  ' + params._source['host.name'];    
}
return "null";

PRASHANT_MEHTA · April 5, 2022, 12:22pm

Thanks again! Tried above script,now filed is created but all value are null.

Yazid_S · April 5, 2022, 12:24pm

That means that both fields are never not null in the same document.

system · May 3, 2022, 12:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Painless (Elasticsearch) can't use keyword - script error Kibana	6	1437	February 4, 2020
Unable to create scripted field Kibana painless	6	2063	November 11, 2020
Painless script error Kibana painless	7	867	July 5, 2022
Painless doc values; how to reference grouped fields Elasticsearch painless	3	398	July 20, 2021
Painless scripted field can't use ctx._source Kibana painless	1	437	April 3, 2019

Painless Script not giving desired output

Related Topics