Why does Regex Painless Script only extract data from certain docs even when in the field exist in each doc?

Daniel_Gonzalez1 · January 23, 2020, 11:55pm

Hello Everyone!

I made a regex painless script to extract some values from the message field, but at the moment to extract the values, the script only extract de values from a certain docs even when the value appears in all the docs, the log message is the same for every doc

This is an example:

This is my Painless Script:

if (doc['message.keyword'].size() == 0) return '';
Matcher m = /MXP1\sRACF\s(\w+)\s/.matcher(doc['message.keyword'].value);
if ( m.find() ) {
   return m.group(1)
} else {
   return "no match"
}

It suppose the regex match in every doc! I don't know why is not recognizing the regex

Marius_Dragomir · January 28, 2020, 4:33pm

It feels like an issue with the regex filter. Can you try and use it in a regex tester on the fields that it doesn't work and you think it should?

Topic		Replies	Views
REGEX-Painless returns null Kibana	8	914	May 18, 2018
Scripted fields - regex always return false Kibana	5	1031	September 25, 2017
Does Painless Script can extract text data from fields? Kibana	2	2201	February 25, 2020
Kibana painless scripted fields and regex - Only the first created works Kibana	5	1857	December 4, 2018
How to search substring from log field using the scripted fields in painless without regex Kibana painless	6	6055	April 22, 2019

Why does Regex Painless Script only extract data from certain docs even when in the field exist in each doc?

Related topics