hi there
i have a question here. so for example I already made a scripted field with the name "api_key" and I want include that field in my search query like http.code: 403 AND NOT api_key: unknown
I already included the scripted field like this but I got no result
"must_not": [
{
"script": {
"script": {
"source":"if(doc.containsKey('request.headers.api_key.keyword') && doc['request.headers.api_key.keyword'].size() != 0){return doc['request.headers.api_key.keyword'].value;} else if(doc.containsKey('request.querystring.api_key.keyword') && doc['request.querystring.api_key.keyword'].size() != 0) { return doc['request.querystring.api_key.keyword'].value;} else if(doc.containsKey('request.headers.x-api-key.keyword') && doc['request.headers.x-api-key.keyword'].size() != 0) { return doc['request.headers.x-api-key.keyword'].value;} else {return'unknown';}",
"lang": "painless",
"params": {
"value" : "unknown"
}
}
}
}
]
what am I supposed to do? That is the correct way, right? please help