Returning part of a field with a regexp

rastro · October 30, 2013, 1:57am

I want to run a search and return a value based on a substring in the
message, e.g.

message = "Foo =bar= spam", and I want to return the stuff in between the
equal signs.

It seems that a preloaded python script would be the way to go, so I wrote
one and call it from the search (see below).

I think that I need to look at _doc['message'].value, but that's not
working (error message currently unavailable - sorry!).

I'm unable to find a complete example on the web, and always catch the IRC
channel during siesta time.

Does anyone have a sample script available, or is there a better way to
return a piece of a field?

{
"query": {
"filtered": {
"query": {

                            "query_string": {
                                    "query": "spam"
                            }
                    }
            }
    },
    "facets" : {
            "tag": {
                    "terms": {
                            "script": "script_test",
                            "lang": "python"

                    }
            }
    }

}

The script is run,

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

spinscale · November 14, 2013, 8:39am

Hey,

not sure if I got your requirement right, but I think you may need to make
use of the script_field functionality, which allows you to add a field to
the results, which has been computed by a script. Also you can choose
between several scripting languages. MVEL is the one enabled by default, if
you want to use python, you will need to install the corresponding plugin.

--Alex

On Wed, Oct 30, 2013 at 2:57 AM, rastro robert@webmstr.com wrote:

I want to run a search and return a value based on a substring in the
message, e.g.

message = "Foo =bar= spam", and I want to return the stuff in between the
equal signs.

It seems that a preloaded python script would be the way to go, so I wrote
one and call it from the search (see below).

I think that I need to look at _doc['message'].value, but that's not
working (error message currently unavailable - sorry!).

I'm unable to find a complete example on the web, and always catch the IRC
channel during siesta time.

Does anyone have a sample script available, or is there a better way to
return a piece of a field?

{
"query": {
"filtered": {
"query": {
                            "query_string": {
                                    "query": "spam"
                            }
                    }
            }
    },
    "facets" : {
            "tag": {
                    "terms": {
                            "script": "script_test",
                            "lang": "python"

                    }
            }
    }
}

The script is run,

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.