Scripted Field EsError in Kibana

Elastic Stack Kibana
1

Hey there,
I have Apache logs imported in ES where the "request.keyword" field contains the path of the accessed document of a server. For example: "/category/path/to/requested/data/xml/file.xml"
I want to sort in a dashboard the category of the requested file instead of the full path to have like a pie chart for example of all the "Category 1" together instead of each individual category1/etc/file.xml.

I created the following scripted field:

def path = doc['request.keyword'].value;
if (path != null) {
    int secondIndex = path.indexOf('/', path.indexOf('/') + 1);
    if (secondIndex > 1) {
        return path.substring(1, secondIndex);
    }
}
return "";

When I go over to the discover tab, the new scripted field seems to work perfectly. (See image)

script
script2512×864 165 KB

When I go over to Lens in Kibana to create a visualization of all the "categories", I get the following error:
error
error2537×1098 147 KB

(Alternative picture location: Imgur: The magic of the Internet)
An error occurred when loading data. [lens_merge_tables] > [esaggs] > EsError"
I don't understand why the scripted field works, but doesn't let me visualize the data extracted by it.

Any help would be appreciated, I will be glad to provide extra information!
Thanks

2

An amazing soul helped me out with this problem and it is now fixed.

For anyone else having this problem, here's what I ended up doing.

if (!doc.containsKey('request.keyword') || 
    doc['request.keyword'].empty) {
    return "Not present in doc";
} else {
    def path = doc['request.keyword'].value;
    if (path != null) {
        int secondIndex = path.indexOf('/',path.indexOf('/') + 1);
        if (secondIndex > 1) {
            return path.substring(1, secondIndex);
        }
    }
return "";
}

I added a more thorough check at the beginning that checks if the doc contains the key and if it is empty.
It fixed it for me and I hope it fixes it for you as well.

Credits to u/ratonbox. Original answer: https://www.reddit.com/r/kibana/comments/npblcy/scripted_field_eserror_in_kibana/

1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.