Scripted Field EsError in Kibana

opdelta · May 31, 2021, 6:00pm

Hey there,
I have Apache logs imported in ES where the "request.keyword" field contains the path of the accessed document of a server. For example: "/category/path/to/requested/data/xml/file.xml"
I want to sort in a dashboard the category of the requested file instead of the full path to have like a pie chart for example of all the "Category 1" together instead of each individual category1/etc/file.xml.

I created the following scripted field:

def path = doc['request.keyword'].value;
if (path != null) {
    int secondIndex = path.indexOf('/', path.indexOf('/') + 1);
    if (secondIndex > 1) {
        return path.substring(1, secondIndex);
    }
}
return "";

When I go over to the discover tab, the new scripted field seems to work perfectly. (See image)

When I go over to Lens in Kibana to create a visualization of all the "categories", I get the following error:

(Alternative picture location: Imgur: The magic of the Internet)
An error occurred when loading data. [lens_merge_tables] > [esaggs] > EsError"
I don't understand why the scripted field works, but doesn't let me visualize the data extracted by it.

Any help would be appreciated, I will be glad to provide extra information!
Thanks

opdelta · June 1, 2021, 3:38pm

An amazing soul helped me out with this problem and it is now fixed.

For anyone else having this problem, here's what I ended up doing.

if (!doc.containsKey('request.keyword') || 
    doc['request.keyword'].empty) {
    return "Not present in doc";
} else {
    def path = doc['request.keyword'].value;
    if (path != null) {
        int secondIndex = path.indexOf('/',path.indexOf('/') + 1);
        if (secondIndex > 1) {
            return path.substring(1, secondIndex);
        }
    }
return "";
}

I added a more thorough check at the beginning that checks if the doc contains the key and if it is empty.
It fixed it for me and I hope it fixes it for you as well.

Credits to u/ratonbox. Original answer: https://www.reddit.com/r/kibana/comments/npblcy/scripted_field_eserror_in_kibana/

system · June 29, 2021, 3:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using scripted fields from Kibana raises a script exception in ES Elasticsearch	3	1513	July 5, 2017
Scripted Field substring error Kibana	3	2956	July 23, 2019
Kibana Scripted Field Kibana	2	255	May 17, 2019
Scripted fields sort Kibana	2	864	August 28, 2020
Kibana scripted field (bad request error) Kibana	5	2179	August 11, 2020

Scripted Field EsError in Kibana

Related topics