Hi community.
I am a newbie in Kibana and Elasticsearch. I am using scripted fields to search for logs containing certain strings and then visualize them. I have written my script in Painless. Here is the line that is returning null when it should not:
def m = doc['dissect.message.keyword'].value;
Basically I want to search for logs containing the strings "logSearch" && "&fq=". When I go to the Discover section and type in "logSearch" && "&fq=", the correct logs are returned, but the scripted field is unable to find those logs. The very first line I mentioned above is returning null, so further processing is not even possible.
But that same script line returns the correct logs when searching just for "logSearch". Meaning it returns null for logs that contain both of the strings "&fq=" and "logSearch". I want to understand why it is returning null. I am attaching the log in JSON format for which the above script line returns null.
{
  "_index": "%{logplane}-2021.08.20",
  "_type": "doc",
  "_id": "di8DY3sByTEZYihPqwKx",
  "_version": 1,
  "_score": null,
  "_source": {
    "fields": {
      "logplane": "kubelog"
    },
    "@timestamp": "2021-08-20T10:03:07.756Z",
    "dissect": {
      "field_2": "log",
      "field_1": "var",
      "field_7": "be",
      "message": "stderr F 20-Aug-2021 10:03:07.182 INFO [http-nio-8080-exec-9] com.abcd.controller.HomeController.logSearch logSearch: signumid=9999_AND_userrole=SU_AND_username=UserName_AND_usergroup=2:name_AND_userquery=/solr/detail_view/select?&fq=abcd_name:searchTerm &q=*:*&rows=1000&wt=json",
      "field_3": "pods",
      "field_4": "prod",
      "field_6": "8e493f64-e2d4-4579-87b1-a6314ba5b5bb",
      "field_8": "0.log"
    },
    "severity": "info",
    "service_id": "UNKNOWN",
    "new_timestamp": "2021-08-20T12:03:07.183298076+02:00",
    "version": "0.2.0",
    "@version": "1",
    "timestamp": "2021-08-20T12:03:07.183298076+02:00"
  },
  "sort": [
    1629453787183
  ]
}
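Added example, not part of the original post: a guarded version of the scripted field described above, written as a Painless boolean script. The index mapping is not shown in the post, so the script assumes only the field name `dissect.message.keyword` from the question. One cause that would fit the symptom (the keyword value present for short messages and absent for the longer message that contains both strings) is the default `ignore_above: 256` on dynamically mapped keyword subfields, under which values longer than 256 characters get no keyword doc value; that is an assumption here, and the script below simply checks for a missing doc value before reading it instead of relying on that cause.

```painless
// Added example (not the poster's script). Assumes the scripted field is
// of type Boolean and that the text lives in dissect.message.keyword.
// doc[...].size() is 0 when the document has no doc value for the field,
// for instance when the stored string exceeded the keyword's ignore_above
// (assumed cause; the mapping is not shown in the post).
if (doc['dissect.message.keyword'].size() == 0) {
    return false; // no keyword value to inspect; avoid a null .value
}
def m = doc['dissect.message.keyword'].value;
// Match only log lines that carry both markers from the question.
return m.contains("logSearch") && m.contains("&fq=");
```

To check the assumed cause rather than just guard against it, compare the length of the `dissect.message` value for a document that returns null with the `ignore_above` setting in the index mapping (`GET <index>/_mapping`); if the value is longer than that limit, the keyword subfield is never populated for that document and the scripted field cannot read it.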