Why does Regex Painless Script only extract data from certain docs even when in the field exist in each doc?

Daniel_Gonzalez1 · January 23, 2020, 11:55pm

Hello Everyone!

I made a regex painless script to extract some values from the message field, but at the moment to extract the values, the script only extract de values from a certain docs even when the value appears in all the docs, the log message is the same for every doc

This is an example:

This is my Painless Script:

if (doc['message.keyword'].size() == 0) return '';
Matcher m = /MXP1\sRACF\s(\w+)\s/.matcher(doc['message.keyword'].value);
if ( m.find() ) {
   return m.group(1)
} else {
   return "no match"
}

It suppose the regex match in every doc! I don't know why is not recognizing the regex

Marius_Dragomir · January 28, 2020, 4:33pm

It feels like an issue with the regex filter. Can you try and use it in a regex tester on the fields that it doesn't work and you think it should?

system · February 25, 2020, 4:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
REGEX-Painless returns null Kibana	8	840	May 18, 2018
Using field script with Painless and Regex Kibana	4	354	August 22, 2019
Painless regex does not match Elasticsearch	1	698	July 4, 2018
Does Painless Script can extract text data from fields? Kibana	2	2163	February 25, 2020
How to use regex in kibana painless script? Kibana	6	2360	February 11, 2019

Why does Regex Painless Script only extract data from certain docs even when in the field exist in each doc?

Related topics