Using scripted field in search query

yuswanul · August 25, 2023, 11:36am

hi there

i have a question here. so for example I already made a scripted field with the name "api_key" and I want include that field in my search query like http.code: 403 AND NOT api_key: unknown

I already included the scripted field like this but I got no result

"must_not": [
        {
          "script": {
            "script": {
              "source":"if(doc.containsKey('request.headers.api_key.keyword') && doc['request.headers.api_key.keyword'].size() != 0){return doc['request.headers.api_key.keyword'].value;} else if(doc.containsKey('request.querystring.api_key.keyword') && doc['request.querystring.api_key.keyword'].size() != 0) { return doc['request.querystring.api_key.keyword'].value;} else if(doc.containsKey('request.headers.x-api-key.keyword') && doc['request.headers.x-api-key.keyword'].size() != 0) { return doc['request.headers.x-api-key.keyword'].value;} else {return'unknown';}",
            "lang": "painless",
            "params": {
              "value" : "unknown"
            }
            }
          }
        }
        ]

what am I supposed to do? That is the correct way, right? please help

system · September 22, 2023, 11:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.