Why does Regex Painless Script only extract data from certain docs even when in the field exist in each doc?

Daniel_Gonzalez1 · January 23, 2020, 11:55pm

Hello Everyone!

I made a regex painless script to extract some values from the message field, but at the moment to extract the values, the script only extract de values from a certain docs even when the value appears in all the docs, the log message is the same for every doc

This is an example:

This is my Painless Script:

if (doc['message.keyword'].size() == 0) return '';
Matcher m = /MXP1\sRACF\s(\w+)\s/.matcher(doc['message.keyword'].value);
if ( m.find() ) {
   return m.group(1)
} else {
   return "no match"
}

It suppose the regex match in every doc! I don't know why is not recognizing the regex

Marius_Dragomir · January 28, 2020, 4:33pm

It feels like an issue with the regex filter. Can you try and use it in a regex tester on the fields that it doesn't work and you think it should?

system · February 25, 2020, 4:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Does Painless Script can extract text data from fields? Kibana	2	2162	February 25, 2020
How to use regex in kibana painless script? Kibana	6	2356	February 11, 2019
Scripted fields - regex always return false Kibana	5	986	September 25, 2017
Painless scripted fields with regex Elasticsearch	8	8107	March 30, 2018
Painless script - check for null Elasticsearch	6	20459	April 14, 2018

Why does Regex Painless Script only extract data from certain docs even when in the field exist in each doc?

Related Topics