Issed when search with script from OpenSearch

kietluu · ‎11-11-2024

I tried to search data with dynamic script:

| ecs "opensearch_dashboards_sample_data_flights" "{
\"from\": 0,
\"size\": 1000,
\"query\": {
\"match_all\": {}
},
\"script_fields\": {
\"fields\": {
\"script\": {
\"source\": \\\"def fields = params['_source'].keySet(); def result = new HashMap(); for (field in fields) { def value = params['_source'][field]; if (value instanceof String && value.contains('DE')) { result.put(field, value.replace('DE', 'Germany')); } else { result.put(field, value); }} return result;\\\"
}
}
},
\"track_total_hits\": true
}" "only" | table *

But it not working. I think the problem is from my source command, but I don't know how to fix this

\"source\": \\\"def fields = params['_source'].keySet(); def result = new HashMap(); for (field in fields) { def value = params['_source'][field]; if (value instanceof String && value.contains('DE')) { result.put(field, value.replace('DE', 'Germany')); } else { result.put(field, value); }} return result;\\\"

Hope someone can help me fix this. Thank very much for speding tim for my issue.

PickleRick · ‎11-11-2024

"ecs" is not a native Splunk command. Whatever add-on it came from you need to look in its docs. The only Splunk-related thing is that the string which apparently contains some command for external service must be properly escaped. Other than that it's beyond Splunk realm.

kietluu · ‎11-11-2024

@PickleRick thank you

Issed when search with script from OpenSearch

eval

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Are you a member of the Splunk Community?

Issed when search with script from OpenSearch

eval

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition