Painless Scripted Field - TimeStamp - Regex

Hello Team,

I need help fetching the timestamp from the specific Kibana field. I'm using the Painless script below, but I get an "unexpected character \\" error. Can you please suggest the correct way? I could use split, but the timestamp index is variable in my case. Thanks.

Regex - https://regex101.com/r/qtACqh/1

def m = \d{2,2}\/\d{2,2}\/\d{4,4} \d{2,2}:\d{2,2}:\d{2,2}
$/.matcher(doc['message.keyword'].value);
if(m.matches())
{
  return m.group(1)
}
else
{
   return "no timestamp found"
}

type":"illegal_argument_exception","reason":"unexpected character [\\].","caused_by":{"type":"lexer_no_viable_alt_exception","reason":null}}}},{"shard":3,"index":"default-2018.05","node":"XTVSx9u9RYqM3aJBp1_-Rw","reason":{"type":"general_script_exception","reason":"Failed to compile inline script

Have you set script.painless.regex.enabled: true in your elasticsearch.yml?

Yes, no luck. I have restarted the service as well. Can you please confirm whether I have set it in the correct place (screenshot below)?

Suspecting something was wrong with my regex, I used the sample mentioned in the Elastic documentation. I now get the error below (Kibana 5.5.2):

"reason":"Regexes are disabled. Set [script.painless.regex.enabled] to [true] in elasticsearch.yaml to allow them. Be careful though, regexes break out of Painless's protection against deep recursion and long loops.

def m = /^.*\.([a-z]+)$/.matcher(doc['message.keyword'].value);
if ( m.matches() ) {
   return m.group(1)
} else {
   return "no match"
}
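
Added example, not part of the thread or of Elastic's documentation: one way to write the scripted field from the first post so that it compiles and extracts the timestamp from anywhere in the message. It assumes `script.painless.regex.enabled: true` is in effect on the Elasticsearch nodes that run the script and that `message.keyword` holds the raw log line.

```painless
// Added example (not from the thread). Assumes regexes are enabled on the
// Elasticsearch nodes and that message.keyword holds the raw log line.

// Skip documents that have no value for the field instead of throwing.
if (doc['message.keyword'].size() == 0) {
  return "no timestamp found";
}

// A Painless pattern literal opens and closes with '/', so the slashes inside
// the date are escaped as '\/'. The parentheses create capture group 1, which
// group(1) needs. Every quantifier is fixed-width with no nested repetition,
// so matching cost stays linear in the message length.
def m = /(\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2})/.matcher(doc['message.keyword'].value);

// find() locates the timestamp anywhere in the message; matches() would
// require the entire message to consist of the timestamp alone.
if (m.find()) {
  return m.group(1);
} else {
  return "no timestamp found";
}
```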
