Hi there,
I'm trying to use scripted fields on a string value.
I've added the "script.painless.regex/enabled: true" to the elasticsearch.yml file and created the following scripted index:
doc['TigerLayer.keyword'].value
whereas:
"TigerLayer":{
"type": "text",
"norms": false,
"fields": {
"raw":{
"type": "keyword",
"ignore_above": 256
}
}
}
Elasticsearch returns "Courier Fetch" warning and doesn't present any results...
any ideas?
Hi,
For this particular scripted field you don't need that elasticsearch.yml setting since you're not using a regex, but it shouldn't hurt either.
To be used in a scripted field, I think fields have to be both searchable and aggregatable as seen in the fields tab for the index pattern. I think you're keyword should show checkmarks in those columns. But please check to be sure.
Next, in your scripted field did you set;
Language: painless ("expression" only works on numeric values)
Type: string
Format: -default-
Popularity: 1 or greater just makes it rise up to the top in the field list on Discover so it's easier to find if you have a lot of fields
Script: doc['TigerLayer.keyword'].value
I just created on for host.keyword like above and it works OK.
Oh, one more thing, does EVERY document in your index have a value for that field? If not, that could be a problem. You can work around it but you have to add a check in your script.
You can check if that field "exists" in the Discover tab. First you would have to remove the scripted field so Discover works again.
In Discover, with some results, click the little right arrow to expand one of the docs.
Find your TigerLayer field and click the * to filter only docs where that field exists.
If your count changed that would indicate not all docs have that field.
Or you can mouse-over the exists filter up near the query bar and click the magniying glass with the - in it to invert the filter so it only shows docs where that field does not exist.
If that's the case, let me know and I'll find an example of a script to work around it.
Regards,
Lee
Hi, thanks for the reply but unfortunately- No Luck ...
so- the field is just searchable, not aggregatable- may this be the issue? how can I change that?
Language: painless - Yes
Type: string - Yes
Format: -default- - Yes
Popularity: 1 or greater just makes it rise up to the top in the field list on Discover so it's easier to find if you have a lot of fields- Yes
Script: doc['TigerLayer.keyword'].value -Yes
and yes- I filtered the results to show only the entries where TigerLayer exists...
I also tried the script on the host field and failed (BTW, host field is not aggregatable as well).
Any other ideas?
Hi Elad,
I'm trying to figure that out for you. It looks like the keyword should be searchable and aggregatable, and not analyzed. And should be usable in a scripted field. So at the moment I'm not sure why yours isn't or how to fix that.
Lee
A Kibana developer suggested you could try refreshing the field list in Kibana. The circle arrows button when you're on your index pattern.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.