Substring in painless

raghvendra · June 8, 2017, 6:34am

hi ..I am new to ELK stack . I want to create a new filed from a existing field created by logstash at the time of parising , by painless scripting.

this is my "request" field => "/gameserver_pkr?websocket=1&&action=update_score"
I want to have a substring from index 0 to index of "?".
I have appended => script.painless.regex.enabled: true into elasticsearch.yml file.
Can anyone help ?
scripted field code is->
def String p = doc['request'].value;
Def String App = p.subString(0, p.indexOf ('?'));
return App;

rjernst · June 9, 2017, 3:24pm

If you are trying to use a regex, I think it would look something like:

Matcher match = /([^\?]+).*/.matcher(doc['request'].value);
if (match.matches()) {
  return match.group(1);
} else {
  // something is wrong? the path is malformed, decide what to return or throw an error
}

raghvendra · June 10, 2017, 1:11pm

i have got it fixed .. i had to use request.keyword instead of request and rest was same.
Thanks

Topic		Replies	Views
Find documents where field1 is equal to substring of field2 Elasticsearch	2	2264	December 15, 2017
Returning part of a field with a regexp Elasticsearch	2	360	July 6, 2017
How to search substring from log field using the scripted fields in painless without regex Kibana painless	6	6056	April 22, 2019
Update by query problem Elasticsearch	2	1054	July 24, 2018
Scripted Field substring error Kibana	3	3038	July 23, 2019

Substring in painless

Related topics