I need help fetching the timestamp from the specific Kibana field. I'm using the Painless script below, but I get an unexpected character \\ error. Can you please suggest the correct way? I could use split, but the timestamp index is variable in my case. Thanks.
def m = \d{2,2}\/\d{2,2}\/\d{4,4} \d{2,2}:\d{2,2}:\d{2,2}
$/.matcher(doc['message.keyword'].value);
if(m.matches())
{
return m.group(1)
}
else
{
return "no timestamp found"
}
type":"illegal_argument_exception","reason":"unexpected character [\\].","caused_by":{"type":"lexer_no_viable_alt_exception","reason":null}}}},{"shard":3,"index":"default-2018.05","node":"XTVSx9u9RYqM3aJBp1_-Rw","reason":{"type":"general_script_exception","reason":"Failed to compile inline script
Yes, no luck. I have restarted the service as well. Can you please confirm if I have set it in the correct place (below screenshot)?
Suspecting something was wrong with my regex, I used the sample mentioned in the Elastic documentation. I now get the below error (Kibana 5.5.2):
"reason":"Regexes are disabled. Set [script.painless.regex.enabled] to [true] in elasticsearch.yaml to allow them. Be careful though, regexes break out of Painless's protection against deep recursion and long loops.
def m = /^.*\.([a-z]+)$/.matcher(doc['message.keyword'].value);
if ( m.matches() ) {
return m.group(1)
} else {
return "no match"
}
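An added example, not part of the original posts: a scripted-field version of the timestamp extraction that handles a timestamp at a variable position in the message. It assumes the `message.keyword` field from the thread and that `script.painless.regex.enabled: true` is set in `elasticsearch.yml` on the Elasticsearch nodes, as the error message above requires.

```painless
// Added example for a Kibana scripted field (string type); not from the original posts.
// Documents with no value in message.keyword get the fallback string.
if (doc['message.keyword'].size() == 0) {
  return "no timestamp found";
}

// A Painless regex literal is delimited by '/' on both sides; a '/' inside it is escaped as '\/'.
// Only fixed-width quantifiers are used, with no nesting or alternation, so
// matching cannot backtrack catastrophically once regexes are enabled.
def m = /\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2}/.matcher(doc['message.keyword'].value);

// find() searches anywhere in the message; matches() succeeds only when the
// whole string is the timestamp.
if (m.find()) {
  // The pattern has no capturing group, so group() (the whole match) is returned.
  return m.group();
}
return "no timestamp found";
```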