Scripted fields issue

hsiuming · December 7, 2017, 2:16am

Hello

We now set a Scripted fields to get some information from log data.

The Scripted fields language is painless and format is string.

The content of Scripted fields is :

if (doc.containsKey('Binary.keyword')&& doc['message.keyword'].value=="XXXXXXX")
{ doc['Binary.keyword'].value.substring(9, 11); }

The Scripted fields can show the data,but it can't be set as an filter condition.

If we set the Scripted fields string as the filter condition,kibana will show an error about:

"curier Fetch: 10 of 80 shards failed"

Is there any setting issue?

Marius_Dragomir · December 7, 2017, 12:57pm

Hello,

You need to add an else branch to your scripted field, otherwise the lambda used for embedding scripted fields in filters fails for the cases when the field does not exist.
Also, keep in mind that you have to recreate the filter, as that's static so it won't update by itself if you update the scripted field.

There's a difference on how scripted fields work in Discovery (those are computed in Kibana) and those that used in filters (the code is wrapped in a boolean compare and it's sent as part of the query to ES and computed there).

system · January 4, 2018, 12:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Double Scripted Field gets fetched as string when filtering in a Dashboard Kibana	2	242	September 14, 2021
Scripted Fields in Kibana Not Working as Expected Kibana	2	420	November 17, 2021
Filter on scripted field not working in Kibana UI Kibana	5	2369	November 19, 2019
Scripted fields if value exists Kibana	10	21483	July 6, 2017
Scripted field causes discover to fail kibana 7.8 Kibana	2	390	September 29, 2020

Scripted fields issue

Related Topics