Could you use painless instead of groovy
Checking for null seems to work there.
e.g.:
Hi Chris,
I think a scripted field might help. Here's an experiment I did.
I put this data using Kibana dev console. Each doc has a name but in a different field;
PUT /discuss/test/1
{
"date" : "2017-05-26T00:01:00",
"name" : "Lee"
}
PUT /discuss/test/2
{
"date" : "2017-05-26T00:02:00",
"firstName" : "Bob"
}
PUT /discuss/test/3
{
"date" : "2017-05-26T00:02:30",
"fullName" : "Bart Simpson"
}
It looks like this in Discover;
[image]
Obviously I can already sea…
or
I'm trying to run the _update_by_query to create a new field that takes a value of an existing field and adds say 1 for example.
POST newlogstash/_update_by_query
{
"script": {
"lang": "painless",
"inline": "if (ctx._source.alert.severity > 2) {ctx._source.cmertic += 1;}"
}
}
but I get the following error, and my hunch is that because the field alert.severity is not always present. So how do I check if a field exist within the inline syntax
{
"error": {
"root_cause": [
{
"type": "sc…
for some examples