How can I replace the ID values at the bottom of this graph with something like A, B, C using Elasticsearch or Kibana UI tool?
Bump
Hello,
Can you please tell me which graph is this? You can map the fields values to something else using kibana field formatters. But I am not sure if that is the optimum solution in this case.
cc @markov00
Thanks,
Bhavya
I appreciate your feedback. The name of the graph is a line graph, but I changed the setting to be a bar graph instead. I can also switch it to TVSB, Timelion as well. If you know a solution that is associated with those graphs, I'm fine as well.
Hi @EZprogramming
There are few ways to handle this:
- you can create a scripted fields through Kibana Advanced Settings -> Index Patterns -> Scripted Fields with a Painless script similar to:
if (doc['YOUR_ID_FIELD'].value == 'id12345') {
return 'A'
} else {
return 'B'
}
- or you can add this field directly during the indexing/ingestion or reindexing your data: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html
1 Like
Thank you! This worked.
Also, to anyone using the solution, you might have to use the <field_name>.keyword instead of just the <field_name> to get the result that you want.
Edit:
Checking if the field exists is also helpful to avoid searching for fields that don't exist in your documents in your index pattern. Returning null will return '-' in Kibana discover page and void shard failure.
Better solution: 
if (!doc['YOUR_ID_FIELD.keyword'].empty){
if (doc['YOUR_ID_FIELD'].value == 'id12345') {
return 'A'
} else {
return 'B'
}
} else {
return null;
}@markov00, I tried to filter scripted fields but it didn't work. Do you know if this feature is possible?
yes that should work, but maybe depends on the version you are working on
I am using Elasticsearch version 7.3.2, and I just did it and I got shard failure and this error message. I can only share part of the information:
Error Output:
2 out of 4 shards failed
[esaggs] > Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"script_exception","reason":"compile error","script_stack":["... rn s.get() == v;}compare(() -> { if (doc['id ..."," ^---- HERE"],"script":"boolean compare(Supplier s, def v) {return s.get() == v;}compare(() -> { if (doc['customer_id.keyword'].value == '***') {\n return '***'\n} else if(doc['id.keyword'].value == '***') {\n return '***'\n} else if(doc['id.keyword'].value == '***') {\n return '***'\n} else if(doc['id.keyword'].value == '***') {\n return '***'\n} }, params.value);","lang":"painless"},{"type":"script_exception","reason":"compile error","script_stack":["... rn s.get() == v;}compare(() -> { if (doc['id ..."," ^---- HERE"],"script":"boolean compare(Supplier s, def v) {return s.get() == v;}
Edit:
I have named the scripted field as id, and not id.keyword. I've realized <field_name>.keyword is usually how things are filtered out in Kibana, but not sure if this is the issue.
Hi, I don't think this is the issue. Could you please check if the error, near the end of the message, report something like:
"caused_by":{"type":"illegal_argument_exception","reason":"Not all paths provide a return value for method [lambda$0]."}}},"status":400}
Because seems that your script doesn't have return values if not one of the value checked:
if (doc['customer_id.keyword'].value == '***') {
return '***'
} else if(doc['id.keyword'].value == '***') {
return '***'
} else if(doc['id.keyword'].value == '***') {
return '***'
} else if(doc['id.keyword'].value == '***') {
return '***'
}
adding a final return 'other' or something similar should fix the issue
1 Like
You are right, I forgot the else clause which returns null. I added it for some indexes but forgot to add it to this one. By adding the else clause to return null, I fixed the issue.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.