Regex running on version 5.4

paulohss · November 29, 2017, 3:07am

Hi guys,

I'm not able to find yet what I'm doing wrong here. So, this is the scenario:

1. Config set (script.painless.regex.enabled: true)
2. The Field I'm interested is called "DESCRIPTION".
3. I've tried these queries:
3.1:
{
"script": {
"lang": "painless",
"source": "if (ctx._source.DESCRIPTION ==~ /[^aeiou].[aeiou]/) {return 'a'} else {return 'b'}"
}
}
3.2:
{
"script": {
"lang": "painless",
"source": "if (ctx._source.DESCRIPTION ==~ /[^aeiou].[aeiou]/) {return 'a'} else {return 'b'}"
}
}

4. In both attempts, I've got this error:
"type": "parsing_exception",
"reason": "Unknown key for a START_OBJECT in [script].",

Any ideas?

spinscale · November 29, 2017, 10:16am

can you please provide a full request? I cannot infer from your sample if you are tring to use a script processor when ingesting or a script query/scripted field.

A fully reproducible example with a sample document, would be awesome!

Thanks!

paulohss · November 29, 2017, 11:26pm

Hi @spinscale, thanks for taking time checking my doubt.

That was the full request, I've grabbed it from here https://www.elastic.co/guide/en/elasticsearch/painless/current/painless-examples.html

If you have any example on hand of the regex's usage in a simple filter query, that would do for me mate.

Cheers

spinscale · November 30, 2017, 8:21am

the docs site contains dozens of scripting examples, so it is still hard to tell, what you want to do without seeing your full request (including the URL you are hitting an parameters). Jusy copying the all of this from the commandline using curl or from the dev tools console in kibana would be awesome and make it so much easier to help!

I also do not fully understand what you goal here is. Are you trying to dynamically create a field using a script_field in your search? Otherwise the script does not look useful to me, when it is just about filtering.

paulohss · December 1, 2017, 1:31am

Hey @spinscale, thanks again for helping me out.

I'm trying to perform an aggregation under theses conditions:

Filter with this condition:
IF (description ~== [SOME REGEX])
{ return 'Bucket A'; }
ELSE
{ return 'Bucket B'; }
"description" is the name of my field within the indexes.

Is that make sense?

Cheers

spinscale · December 1, 2017, 7:32am

Hey,

how about this

PUT foo/bar/1
{
  "DESCRIPTION" : "foo"
}

PUT foo/bar/2
{
  "DESCRIPTION" : "bar"
}

GET foo/_search
{
  "size": 0,
  "aggs": {
    "theagg": {
      "terms": {
        "script": {
          "source" : "if (doc['DESCRIPTION.keyword'].value =~ /.*oo/) { return 'A' } else { return 'B'} "
          }, 
        "size": 10
      }
    }
  }
}

--Alex

paulohss · December 3, 2017, 11:19pm

Thanks for not giving up on my question @spinscale

That worked!

Have a nice week!

paulohss · December 5, 2017, 4:26am

HI @spinscale,

I've might get excited too soon.

The response of the query you suggested gave me this:

{
"took": 4,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 2,
"max_score": 1,
"hits": [
{
"_index": "foo",
"_type": "bar",
"_id": "2",
"_score": 1,
"_source": {
"DESCRIPTION": "bar"
}
}
,
{
"_index": "foo",
"_type": "bar",
"_id": "1",
"_score": 1,
"_source": {
"DESCRIPTION": "foo"
}
}
]
}
}

It's not a dataset with aggregated data (my goal with this project). Instead, it's just the raw data being filtered and shown.

What I'm after, following your example would be something similar to this:

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 4,
    "successful" : 4,
    "failed" : 0
  },
  "hits" : {
    "total" : 2,
    "max_score" : 0.0,
    "hits" : [ ]
  },
  "aggregations" : {
    "groupby" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "A",
          "doc_count" : 1
        },
        {
          "key" : "B",
          "doc_count" :1
        }
      ]
    }
  }
}

Meaning that IF the regex criteria within the script found "A" (doc['DESCRIPTION.keyword'].value =~ /.*oo/) THEN it would count +1 for "A", for instance.

Any idea how to get there?

Cheers

spinscale · December 5, 2017, 7:43am

hey,

I would start a good bet, that you definitely did not copy/paste my query when you got that response. I specified size: 0, but yet your response contains documents. This is a hundred percent not the query response that belongs to my shown query.

--Alex

paulohss · December 5, 2017, 11:08pm

Of course not @spinscale.

I've mentioned, the response I expect is "like" this.

I said it in here: "What I'm after, following your example would be something similar to this:"

That's why you are looking at something that hasn't happen, instead, what I'm trying to show you is the response that I actually need.

Hope it makes sense now.

system · January 2, 2018, 11:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.