Scripted fields issue

hsiuming · December 7, 2017, 2:16am

Hello

We now set a Scripted fields to get some information from log data.

The Scripted fields language is painless and format is string.

The content of Scripted fields is :

if (doc.containsKey('Binary.keyword')&& doc['message.keyword'].value=="XXXXXXX")
{ doc['Binary.keyword'].value.substring(9, 11); }

The Scripted fields can show the data,but it can't be set as an filter condition.

If we set the Scripted fields string as the filter condition,kibana will show an error about:

"curier Fetch: 10 of 80 shards failed"

Is there any setting issue?

Marius_Dragomir · December 7, 2017, 12:57pm

Hello,

You need to add an else branch to your scripted field, otherwise the lambda used for embedding scripted fields in filters fails for the cases when the field does not exist.
Also, keep in mind that you have to recreate the filter, as that's static so it won't update by itself if you update the scripted field.

There's a difference on how scripted fields work in Discovery (those are computed in Kibana) and those that used in filters (the code is wrapped in a boolean compare and it's sent as part of the query to ES and computed there).

system · January 4, 2018, 12:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.