Why does Regex Painless Script only extract data from certain docs even when in the field exist in each doc?

Elastic Stack Kibana
1

Hello Everyone!

I made a regex painless script to extract some values from the message field, but at the moment to extract the values, the script only extract de values from a certain docs even when the value appears in all the docs, the log message is the same for every doc

This is an example:

Ejemplo 1
Ejemplo 11166×576 43.8 KB
Ejemplo 2
Ejemplo 21132×556 29.9 KB
Ejemplo 3
Ejemplo 31057×554 28.6 KB

This is my Painless Script:

if (doc['message.keyword'].size() == 0) return '';
Matcher m = /MXP1\sRACF\s(\w+)\s/.matcher(doc['message.keyword'].value);
if ( m.find() ) {
   return m.group(1)
} else {
   return "no match"
}

It suppose the regex match in every doc! I don't know why is not recognizing the regex

2

It feels like an issue with the regex filter. Can you try and use it in a regex tester on the fields that it doesn't work and you think it should?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.