Hide painless script calculation in certain conditions

linkimos · November 15, 2023, 9:26am

Describe the issue:
I have created a Painless script to extract data from specific log messages. The script is intended to apply only to logs containing certain messages. However, currently, it’s applying to all logs, assigning a default value (0 ) when the relevant message is not found. I also tried to change the returned value to ‘false’ and ‘null’, but it still showed the field name without any value.
I want to know how can I hide the painless script calculated field in conditions where there is no data at all.
The script is attached below.

Configuration:

if (doc[‘msg.keyword’].size() != 0 && doc[‘msg.keyword’].value.equals(‘starts processing request headers’)) {
return 1;
} else {
return false;
}

Relevant Logs or Screenshots:

Mantas · November 15, 2023, 3:23pm

Hi @linkimos ,

You could try something like this:

POST [index]/_update_by_query
{
  "script": {
    "lang": "painless",
    "source": "ctx._source.[FieldName] = 1"
  },
  "query": {
    "match": {
      "msg.keyword": "starts processing request headers"}
    
  }
}

Best,
Mantas

linkimos · November 15, 2023, 7:16pm

Hi, thanks for your reply.
Unfortunately, although I am getting 200, it doesn’t work.
Any idea?

Mantas · November 17, 2023, 11:32am

Hi @linkimos ,

The 200 indicates that your update was successful.

Best,
Mantas

Topic		Replies	Views
Using Painless in filter with flat_object field type OpenSearch	1	603	February 14, 2024
Regex on painless Script fro trigger Alerting	1	1573	February 7, 2023
Access Nested Objects using Painless for Alerting to Create Trigger Condition Alerting	1	1501	December 15, 2022
OpenSearch prevent script_score from running more than once when `query.bool.must` is used along `query.bool.should` OpenSearch	1	46	December 29, 2024
Painless script for custom scoring based on number of occurrences of a term OpenSearch	1	875	June 29, 2023

Hide painless script calculation in certain conditions

Related topics