Painless unable to access any field

Alex_Zeleznikov · October 16, 2018, 10:50am

I'm trying to use painless to extract a substring from a field, however it seems painless is unable to access ANY fields.

Tried all of the below and they all fail (and I've checked that the fields exists, it's the default metricbeat fields):

doc.containsKey('docker.container.image.keyword') ? doc['docker.container.image.keyword'].value : 'none'

def image = doc['docker.container.image.keyword'].value;
if (image != null) {
   int lastSlashIndex = image.lastIndexOf(':');
   if (lastSlashIndex > 0) {
   return image.substring(lastSlashIndex+1);
   }
}
return 'none';

Tried with and without keyword, tried filtering the search to documents that contains the specified fields, even a simple doc['beat.name.keyword'].value return "No field found for [beat.name.keyword] in mapping with types []"

rjernst · October 16, 2018, 4:38pm

The error message you past shows a field beat.name.keyword, but your code shows docker.container.image.keyword. This error means the field does not exist in the mappings. So I would start by checking that field exists in your mappings (and note that it must exist in the mappings for all indexes you are searching).

system · November 13, 2018, 4:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Painless - access non-analyzed version of analyzed text field Elasticsearch	3	470	July 3, 2019
Painless - Getting Field with whitespace Character Elasticsearch	3	865	December 25, 2017
Make painless script conditional on presence of field Elasticsearch	2	584	January 19, 2018
Painless script - check for null Elasticsearch	6	20561	April 14, 2018
Working with strings in Painless Elasticsearch	6	18957	December 14, 2017

Painless unable to access any field

Related topics