This tutorial on adding a Painless scripted field in Kibana will give you a quick start on this rather useful feature. If you ever inherit an Elasticsearch index and wish it had some extra fields, scripted fields can save you a lot of effort. As usual, we will start with the why, followed by the how.
WHY
Many a time, after the data has been ingested, a user will ask whether you can also add the length of a given field. Or someone will ask for a field with the value Pass or Fail depending on the value of some other field. In short, users want some extra fields to sort, slice, or visualize the data in Kibana. And since the data is already ingested, you are stuck. However, before you reach for the Update by Query API, take a look at scripted fields. They might do the trick if you only want those extra fields for visualization, searching or sorting in Kibana.
HOW
This part is easy to explain. I assume that you have a local instance of Elasticsearch and Kibana running.
Before we start on creating the scripted field let us put in some data.
I will put in some very simple data:
PUT /heroes/_doc/1
{ "name": "John Rambo", "age" : 62, "score" : 79 }
PUT /heroes/_doc/2
{ "name": "John Cena", "age" : 35, "score" : 83 }
PUT /heroes/_doc/3
{ "name": "John Wick", "age" : 47, "score" : 72 }
PUT /heroes/_doc/4
{ "name": "Bruce Wayne", "age" : 45, "score" : 88 }
PUT /heroes/_doc/5
{ "name": "Black Widow", "age" : 32, "score" : 72 }
PUT /heroes/_doc/6
{ "name": "Peter Parker", "age" : 23, "score" : 79 }
PUT /heroes/_doc/7
{ "name": "Tony Stark", "age" : 49, "score" : 91 }
A simple check to see if the data is in there:
GET heroes/_search
Then you have to go and create an index pattern, say heroes*.
Let us first do a simple one. Find the length of the name of each person and store it in a scripted field called nameLength.
Here is our simple script. It finds the length of the name field.
return params['_source']['name'].length()
First let us go to the index pattern page for heroes*.
Time to put in a scripted field. I choose the return type as number since we will be finding the length.
Kibana has a very useful tool to check the syntax and preview the results. Use it.
You should not be seeing any errors here.
Once verified you can just add the field.
Then when you go to the Discover page and pull up the index pattern you should be seeing the nameLength field.
However, before you go wild with scripted fields, consider these:
1. Avoid being in the position where you have to reach for scripted fields. Do your data ingest better.
2. If you have to use Painless scripted fields in Kibana, remember that they are computed on the fly. These are resource-intensive operations.
3. There is no validation of the painless scripted field in Kibana. You can really mess up things here.
Having said that, I will put in one more scripted field. Here, depending on the performance, I will mark the event with a FAIL or a PASS.
Here is the scripted field.
if (params['_source']['score'] > 80) { return "PASS" } else { return "FAIL" }
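The PASS/FAIL script above assumes every document carries a numeric score. As an added example (not from the original post), the Dev Tools request below runs a guarded variant through the search API's script_fields, so it can be checked against the index before it is pasted into Kibana. Document 8, its values, the field name result and the UNKNOWN label are constructed for illustration.

```console
# Constructed test document: it has no "score" field, so it exercises the guard.
PUT /heroes/_doc/8?refresh=true
{ "name": "Clark Kent", "age" : 33 }

# Evaluate the guarded script per hit. The "source" string is what would go
# into the Kibana scripted field (return type: string).
GET /heroes/_search
{
  "size": 20,
  "_source": ["name", "score"],
  "script_fields": {
    "result": {
      "script": {
        "lang": "painless",
        "source": """
          // Read the original document; get() returns null when the key is absent.
          def src = params['_source'];
          def score = src.get('score');

          // Covers a missing field, an explicit null and a non-numeric value
          // (for example a score that was ingested as a string).
          if (!(score instanceof Number)) {
            return 'UNKNOWN';
          }

          // Same threshold as the scripted field above.
          if (((Number) score).doubleValue() > 80) {
            return 'PASS';
          }
          return 'FAIL';
        """
      }
    }
  }
}
```

Each hit in the response carries the computed value under fields.result next to its _source, which makes it easy to spot documents the script labels UNKNOWN.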
So yeah. That’s about it. This is the start of the journey. You can go absolutely crazy with the scripted fields.