Hi everyone,
I recently upgrade my cluster to 7.1 and my scripted fields (created in 6.6) don't work anymore.
Explanation of the scripted fields:
I want to merge 4 values into 1 values in 1 fields. Theses 4 values are :
-action.keyword : Deny
-action.keyword : Denied
-action.keyword : denied
-action.keyword : denied by ACL.
If the script found this value in the field "action.keyword" return a string value "Deny".
The aim is to combine all the "Deny's" in the action field.
Please find below my script:
if ((doc['action.keyword'].value == 'Deny') || (doc['action.keyword'].value == 'denied') || (doc['action.keyword'].value == 'denied by ACL') || (doc['action.keyword'].value == 'Denied')) { return 'Deny'; } return '';
This script was working like a charm in 6.6. Please find below a sample of the error in the log of ES:
[2019-06-14T11:43:58,233][DEBUG][o.e.a.s.TransportSearchAction] [hostname] [1025278] Failed to execute fetch phase
org.elasticsearch.transport.RemoteTransportException: [hostname][host_ip:9300][indices:data/read/search[phase/fetch/id]]
Caused by: org.elasticsearch.script.ScriptException: runtime error
Caused by: java.lang.IllegalStateException: A document doesn't have a value for a field! Use doc[].size()==0 to check if a document is missing a field!
When I apply this scripted field I don't see any log for the index pattern where i create the scripted field and this appear in the selected fields:
and
I even tried to do a basic script like :
doc['action.keyword'].value + ':' + doc['direction.keyword'].value
but same error as above
Also, when i try apply the recommendation doc['action.keyword'].size()==0 the value is "false" and I can view my log and don't have any errors.
Could you please help me with this issue?
Thank you very much
Thibaut
