Substring in painless

raghvendra · June 8, 2017, 6:34am

hi ..I am new to ELK stack . I want to create a new filed from a existing field created by logstash at the time of parising , by painless scripting.

this is my "request" field => "/gameserver_pkr?websocket=1&&action=update_score"
I want to have a substring from index 0 to index of "?".
I have appended => script.painless.regex.enabled: true into elasticsearch.yml file.
Can anyone help ?
scripted field code is->
def String p = doc['request'].value;
Def String App = p.subString(0, p.indexOf ('?'));
return App;

rjernst · June 9, 2017, 3:24pm

If you are trying to use a regex, I think it would look something like:

Matcher match = /([^\?]+).*/.matcher(doc['request'].value);
if (match.matches()) {
  return match.group(1);
} else {
  // something is wrong? the path is malformed, decide what to return or throw an error
}

raghvendra · June 10, 2017, 1:11pm

i have got it fixed .. i had to use request.keyword instead of request and rest was same.
Thanks

system · July 8, 2017, 1:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with regex scripted field kibana using painless lang! Elasticsearch painless	1	396	October 19, 2020
How to search substring from log field using the scripted fields in painless without regex Kibana painless	6	5876	April 22, 2019
No_viable_alt_exception in painless script field Elasticsearch painless	3	1074	March 23, 2022
Painless regex Kibana	3	1199	December 21, 2019
Regex running on version 5.4 Elasticsearch	10	890	January 2, 2018

Substring in painless

Related topics