Scripted fields - regex always returns false

I get some technical emails from many machines. In order to sort them out, I put a [hostname|ip] string either in the "from" field or in the subject.

While I'm trying to write a scripted field to extract them, regex (m.matches()) always returns false (.* returns false as well). I did enable the "script.painless.regex.enabled: true" option.

Does anyone have an idea of what's going wrong?

I'm using ES and Kibana 5.5.2.

Sample code:

    def m = /(.*)/.matcher(doc['from.keyword'].value);
    if (m.matches()) {
        return m.group(1)
    } else {
        return doc['from.keyword'].value
    }

Take a look at this blog post where regex matching is described:

If you have a look at my example, this is exactly what I have done. But no success.

Just tested this and it works as expected ....

Some hints to find out the issue:

  • Are you enabling painless regex in elasticsearch.yml? (not the kibana.yml)
  • Did you set the scripted field type to string (default is integer)?
  • Do you have the right field? What about from.raw?

  • I did place "script.painless.regex.enabled: true" in /etc/elasticsearch/elasticsearch.yml (Debian), as documented.
  • The field "from" is discovered and set as "string".
  • Although "from.raw" does not exist (No field found for [from.raw]), and ES did ask to use "from.keyword" instead of "from"

Anyway "m.matches()" always returns false.
