Painless unable to access any field

Alex_Zeleznikov · October 16, 2018, 10:50am

I'm trying to use painless to extract a substring from a field, however it seems painless is unable to access ANY fields.

Tried all of the below and they all fail (and I've checked that the fields exists, it's the default metricbeat fields):

doc.containsKey('docker.container.image.keyword') ? doc['docker.container.image.keyword'].value : 'none'

def image = doc['docker.container.image.keyword'].value;
if (image != null) {
   int lastSlashIndex = image.lastIndexOf(':');
   if (lastSlashIndex > 0) {
   return image.substring(lastSlashIndex+1);
   }
}
return 'none';

Tried with and without keyword, tried filtering the search to documents that contains the specified fields, even a simple doc['beat.name.keyword'].value return "No field found for [beat.name.keyword] in mapping with types []"

rjernst · October 16, 2018, 4:38pm

The error message you past shows a field beat.name.keyword, but your code shows docker.container.image.keyword. This error means the field does not exist in the mappings. So I would start by checking that field exists in your mappings (and note that it must exist in the mappings for all indexes you are searching).

system · November 13, 2018, 4:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Painless - access non-analyzed version of analyzed text field Elasticsearch	3	469	July 3, 2019
Painless script - check for null Elasticsearch	6	20459	April 14, 2018
Working with strings in Painless Elasticsearch	6	18908	December 14, 2017
Painless script not work Elasticsearch painless , runtime-fields	1	680	February 8, 2022
Substring and contains in painless Elasticsearch	9	28354	May 10, 2019

Painless unable to access any field

Related Topics