Akira
Reputation: 273
How to search substring from log field using the scripted fields in painless without regex
I am trying to create to some scripted fields using painless by capturing some "keyword" in the log field, which is a long text field. for example, I have bunch of the log fields:
"Error: Duplicate entry in user1"
"Error: Duplicate entry in user2"
"Error: Duplicate entry in user1"
"Error: Duplicate entry in user3"
"Error: Duplicate entry in user2"
"Error: Duplicate entry in user1"
"Error: Duplicate entry in user3"
The painless I was using:
if (doc['log.keyword'].value == 'Duplicate entry') {
return "match";
}
return "No match";
to only capture the "Duplicate entry" error message regardless of userID, I am sure I need to use regex to do that. I am just wondering if there is another way to do it without using the regex. Any suggestions.
Upvotes: 1
Views: 8563
Answers (1)
Andrey Borisko
Reputation: 4609
there are lots of ways. you can try this:
GET logs/_search
{
"query": {
"script": {
"script":
"""
if (doc["log.keyword"].value == null) return false;
return doc["log.keyword"].value.contains("Duplicate entry");
"""
}
}
}
in kibana 5 triple quotes might not work. i don't remember exactly. just replace with single quotes
Upvotes: 1
Related Questions
- Query Kibana logs where message contains a substring
- Kibana query exact match
- Perform partial string match in ElasticSearch (Kibana)
- Search substring in elastic search
- Regex Search in Kibana Elasticsearch
- Kibana Regular expression search
- Extract value from string in kibana
- Elasticsearch substring must be contained in field
- kibana 5 scripted field for regex match
- Elasticsearch: filter for a substring in the value of a document field?