Issue when searching with script from OpenSearch
kietluu
New Member
11-11-2024
07:48 PM
I tried to search data with dynamic script:
| ecs "opensearch_dashboards_sample_data_flights" "{
\"from\": 0,
\"size\": 1000,
\"query\": {
\"match_all\": {}
},
\"script_fields\": {
\"fields\": {
\"script\": {
\"source\": \\\"def fields = params['_source'].keySet(); def result = new HashMap(); for (field in fields) { def value = params['_source'][field]; if (value instanceof String && value.contains('DE')) { result.put(field, value.replace('DE', 'Germany')); } else { result.put(field, value); }} return result;\\\"
}
}
},
\"track_total_hits\": true
}" "only" | table *
But it is not working. I think the problem is from my source command, but I don't know how to fix this.
\"source\": \\\"def fields = params['_source'].keySet(); def result = new HashMap(); for (field in fields) { def value = params['_source'][field]; if (value instanceof String && value.contains('DE')) { result.put(field, value.replace('DE', 'Germany')); } else { result.put(field, value); }} return result;\\\"
Hope someone can help me fix this. Thank you very much for spending time on my issue.
PickleRick

SplunkTrust
11-11-2024
08:59 PM
"ecs" is not a native Splunk command. Whatever add-on it came from, you need to look in its docs. The only Splunk-related thing is that the string, which apparently contains some command for an external service, must be properly escaped. Other than that, it's beyond the Splunk realm.
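The escaping point in the answer above, as an added example that is not part of the original posts and not code from the ecs add-on: it builds the quoted argument from a Python dict instead of hand-escaping, and checks what a hand-written `\\\"` delimiter decodes to. It assumes the SPL parser removes one level of backslash escaping inside a double-quoted argument and that the add-on then receives JSON; `spl_quote`, `spl_unquote` and `build_ecs_search` are hypothetical helpers, and the scripts and sample strings are constructed.

```python
import json

def spl_quote(text):
    # Assumed SPL rule: inside "..." a backslash escapes the next character,
    # so escape backslashes first, then double quotes.
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'

def spl_unquote(arg):
    # Strip the outer quotes and one level of backslash escaping: the text
    # the add-on is assumed to receive.
    body, out, i = arg[1:-1], [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            i += 1
        out.append(body[i])
        i += 1
    return "".join(out)

def is_valid_json(text):
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

def build_ecs_search(index, query):
    # Hypothetical helper; argument order copied from the post.
    return f'| ecs {spl_quote(index)} {spl_quote(json.dumps(query))} "only" | table *'

# Constructed Painless script containing a double-quoted literal.
SCRIPT = 'return "Germany";'
QUERY = {
    "size": 1,
    "query": {"match_all": {}},
    "script_fields": {"fields": {"script": {"source": SCRIPT}}},
}

# Constructed argument using the same \\\" delimiters as the posted query.
POSTED_STYLE = r'"{\"script\": {\"source\": \\\"return 1;\\\"}}"'

if __name__ == "__main__":
    print(build_ecs_search("opensearch_dashboards_sample_data_flights", QUERY))
    print("generated decodes to JSON:", is_valid_json(spl_unquote(spl_quote(json.dumps(QUERY)))))
    print("posted style decodes to JSON:", is_valid_json(spl_unquote(POSTED_STYLE)))
```

Under these assumptions, `\"` is the form for quotes that delimit JSON keys and values, and `\\\"` is only needed for a double quote inside a JSON string value, such as the literal in `SCRIPT`.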
kietluu
New Member
11-11-2024
10:46 PM
@PickleRick thank you
