Using scripted field in search query

yuswanul · August 25, 2023, 11:36am

hi there

i have a question here. so for example I already made a scripted field with the name "api_key" and I want include that field in my search query like http.code: 403 AND NOT api_key: unknown

I already included the scripted field like this but I got no result

"must_not": [
        {
          "script": {
            "script": {
              "source":"if(doc.containsKey('request.headers.api_key.keyword') && doc['request.headers.api_key.keyword'].size() != 0){return doc['request.headers.api_key.keyword'].value;} else if(doc.containsKey('request.querystring.api_key.keyword') && doc['request.querystring.api_key.keyword'].size() != 0) { return doc['request.querystring.api_key.keyword'].value;} else if(doc.containsKey('request.headers.x-api-key.keyword') && doc['request.headers.x-api-key.keyword'].size() != 0) { return doc['request.headers.x-api-key.keyword'].value;} else {return'unknown';}",
            "lang": "painless",
            "params": {
              "value" : "unknown"
            }
            }
          }
        }
        ]

what am I supposed to do? That is the correct way, right? please help

system · September 22, 2023, 11:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Proper syntax of script fields Elasticsearch	4	518	February 13, 2017
Filter Search by Scripted field elastic Elasticsearch	9	6311	March 10, 2020
Accessing a scripted field in an elasticsearch match query Elasticsearch	3	1703	July 5, 2017
Search template into painless script Elasticsearch	2	763	September 27, 2019
How to check a doc field exist while creating scripted field using painless Kibana	4	24118	May 26, 2017

Using scripted field in search query

Related Topics