Scripted fields issue

hsiuming · December 7, 2017, 2:16am

Hello

We now set a Scripted fields to get some information from log data.

The Scripted fields language is painless and format is string.

The content of Scripted fields is :

if (doc.containsKey('Binary.keyword')&& doc['message.keyword'].value=="XXXXXXX")
{ doc['Binary.keyword'].value.substring(9, 11); }

The Scripted fields can show the data,but it can't be set as an filter condition.

If we set the Scripted fields string as the filter condition,kibana will show an error about:

"curier Fetch: 10 of 80 shards failed"

Is there any setting issue?

Marius_Dragomir · December 7, 2017, 12:57pm

Hello,

You need to add an else branch to your scripted field, otherwise the lambda used for embedding scripted fields in filters fails for the cases when the field does not exist.
Also, keep in mind that you have to recreate the filter, as that's static so it won't update by itself if you update the scripted field.

There's a difference on how scripted fields work in Discovery (those are computed in Kibana) and those that used in filters (the code is wrapped in a boolean compare and it's sent as part of the query to ES and computed there).

system · January 4, 2018, 12:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to 'filter' in Discover when the field is a scripted field Kibana	3	1015	November 21, 2019
Double Scripted Field gets fetched as string when filtering in a Dashboard Kibana	2	242	September 14, 2021
Scripted Fields in Kibana Not Working as Expected Kibana	2	422	November 17, 2021
Error related to scripted fields Kibana	9	4534	May 31, 2017
Scripted fields if value exists Kibana	10	21495	July 6, 2017

Scripted fields issue

Related topics