Regex running on version 5.4

Hi guys,

I'm not yet able to find what I'm doing wrong here. So, this is the scenario:

1. Config set (script.painless.regex.enabled: true)
2. The field I'm interested in is called "DESCRIPTION".
3. I've tried these queries:
3.1:
{
  "script": {
    "lang": "painless",
    "source": "if (ctx._source.DESCRIPTION ==~ /[^aeiou].[aeiou]/) {return 'a'} else {return 'b'}"
  }
}
3.2:
{
  "script": {
    "lang": "painless",
    "source": "if (ctx._source.DESCRIPTION ==~ /[^aeiou].
[aeiou]/) {return 'a'} else {return 'b'}"
  }
}

4. In both attempts, I've got this error:
"type": "parsing_exception",
"reason": "Unknown key for a START_OBJECT in [script].",

Any ideas?

Can you please provide a full request? I cannot infer from your sample if you are trying to use a script processor when ingesting or a script query/scripted field.

A fully reproducible example with a sample document, would be awesome!

Thanks!

Hi @spinscale, thanks for taking time checking my doubt.

That was the full request, I've grabbed it from here https://www.elastic.co/guide/en/elasticsearch/painless/current/painless-examples.html

If you have any example on hand of the regex's usage in a simple filter query, that would do for me mate.

Cheers

The docs site contains dozens of scripting examples, so it is still hard to tell what you want to do without seeing your full request (including the URL you are hitting and parameters). Just copying all of this from the command line using curl or from the dev tools console in Kibana would be awesome and make it so much easier to help!

I also do not fully understand what your goal here is. Are you trying to dynamically create a field using a script_field in your search? Otherwise the script does not look useful to me, when it is just about filtering.

Hey @spinscale, thanks again for helping me out.

I'm trying to perform an aggregation under these conditions:

  1. Filter with this condition:
    IF (description ~== [SOME REGEX])
    { return 'Bucket A'; }
    ELSE
    { return 'Bucket B'; }

  2. "description" is the name of my field within the indexes.

Does that make sense?

Cheers

Hey,

how about this

PUT foo/bar/1
{
  "DESCRIPTION" : "foo"
}

PUT foo/bar/2
{
  "DESCRIPTION" : "bar"
}

GET foo/_search
{
  "size": 0,
  "aggs": {
    "theagg": {
      "terms": {
        "script": {
          "source" : "if (doc['DESCRIPTION.keyword'].value =~ /.*oo/) { return 'A' } else { return 'B'} "
        },
        "size": 10
      }
    }
  }
}

--Alex
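
An added example, not part of the thread and not Elastic's own code: the same A/B bucketing done with a `filters` aggregation and a `regexp` query, which needs no script and therefore no `script.painless.regex.enabled: true` (that setting is off by default because regexes sidestep Painless's guards against long-running scripts). It assumes the `foo` index and the `DESCRIPTION.keyword` sub-field from the post above, and reuses its bucket names A and B.

```console
# Added example: regex bucketing without a Painless script.
# Assumes the two sample documents indexed above (foo/bar/1 and foo/bar/2).
GET foo/_search
{
  "size": 0,
  "aggs": {
    "theagg": {
      "filters": {
        # Documents matching none of the named filters land in bucket "B";
        # setting other_bucket_key implicitly enables the "other" bucket.
        "other_bucket_key": "B",
        "filters": {
          # regexp patterns are anchored to the whole term, like ==~ in
          # Painless. To mirror the =~ (find) operator used in the script,
          # write ".*oo.*" instead.
          "A": {
            "regexp": { "DESCRIPTION.keyword": ".*oo" }
          }
        }
      }
    }
  }
}
```

For the two sample documents, `aggregations.theagg.buckets` comes back keyed by name, with `A` and `B` each at `doc_count` 1.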

Thanks for not giving up on my question @spinscale :smile:

That worked!

Have a nice week!


Hi @spinscale,

I might have gotten excited too soon. :slight_smile:

The response of the query you suggested gave me this:

{
  "took": 4,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 2,
    "max_score": 1,
    "hits": [
      {
        "_index": "foo",
        "_type": "bar",
        "_id": "2",
        "_score": 1,
        "_source": {
          "DESCRIPTION": "bar"
        }
      },
      {
        "_index": "foo",
        "_type": "bar",
        "_id": "1",
        "_score": 1,
        "_source": {
          "DESCRIPTION": "foo"
        }
      }
    ]
  }
}

It's not a dataset with aggregated data (my goal with this project). Instead, it's just the raw data being filtered and shown.

What I'm after, following your example would be something similar to this:

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 4,
    "successful" : 4,
    "failed" : 0
  },
  "hits" : {
    "total" : 2,
    "max_score" : 0.0,
    "hits" : [ ]
  },
  "aggregations" : {
    "groupby" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "A",
          "doc_count" : 1
        },
        {
          "key" : "B",
          "doc_count" : 1
        }
      ]
    }
  }
}

Meaning that IF the regex criteria within the script found "A" (doc['DESCRIPTION.keyword'].value =~ /.*oo/) THEN it would count +1 for "A", for instance.

Any idea how to get there?

Cheers

hey,

I would make a good bet that you definitely did not copy/paste my query when you got that response. I specified size: 0, yet your response contains documents. This is a hundred percent not the query response that belongs to my shown query.

--Alex

Of course not @spinscale.

I've mentioned, the response I expect is "like" this.

I said it in here: "What I'm after, following your example would be something similar to this:"

That's why you are looking at something that hasn't happened; instead, what I'm trying to show you is the response that I actually need.

Hope it makes sense now.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.