Elasticsearch OpenSearch Script Regex is Enabled in Painless Scripts

By Opster Team

Updated: Jun 27, 2023

Overview

Regex (short for regular expression) is a technique for searching with a sequence of characters that defines a search pattern. For example, gray|grey would find both words gray and grey. Regex must be used with care in Painless scripts, since some expressions can be extremely slow and require a great deal of resources to run. For this reason, regex is disabled by default in Painless scripts.

If you decide to enable regex, remember the following best practices: wherever possible, expressions should use anchors (^ or $) to mark the beginning or end of the text string, and they should never have a leading wildcard (*) (or just 1 character followed by a wildcard), since this implies searching through all of the terms in the set. In general, you should also try to be as specific as possible about which characters can match and how many.

How to resolve it

By default, regex is disabled in OpenSearch, so if it has been enabled on your cluster, there may be a reason for that. Bear in mind that the use of regex, if properly implemented, is perfectly legitimate. Check the scripts that are in use in your application to determine whether regex is being used. You can search for the Painless regex operator “=~”.

To prevent regex scripts from being used altogether, you can restore the default setting on all of your nodes in opensearch.yml (it cannot be updated dynamically):
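
The check described above, combined with the best practices from the Overview, as an added example that is not part of the original guide. It scans Painless script sources for the =~ operator (a search for =~ also hits the match operator ==~) and flags patterns with no anchor or a leading wildcard; the script names, field names and sources are constructed samples.

```python
import re

# Regex literal to the right of Painless's find (=~) or match (==~) operator.
REGEX_USE = re.compile(r"(==?~)\s*/((?:\\.|[^/\\\n])+)/")
# After an optional ^: a bare wildcard, or one character followed by a wildcard.
LEADING_WILDCARD = re.compile(r"^\^?(?:\.?[*+]|[^\\.^$(\[]\.[*+])")


def audit_script(source):
    """Return one finding per regex literal used with =~ or ==~ in a script."""
    findings = []
    for op, pattern in REGEX_USE.findall(source):
        issues = []
        anchored = pattern.startswith("^") or (
            pattern.endswith("$") and not pattern.endswith("\\$"))
        # ==~ must match the whole string, so only =~ (find) needs an anchor.
        if op == "=~" and not anchored:
            issues.append("no anchor")
        if LEADING_WILDCARD.match(pattern):
            issues.append("leading wildcard")
        findings.append({"operator": op, "pattern": pattern, "issues": issues})
    return findings


def audit_scripts(scripts):
    """Map script name -> findings, keeping only scripts that use regex."""
    report = {name: audit_script(src) for name, src in scripts.items()}
    return {name: found for name, found in report.items() if found}


# Constructed sample scripts; the names and field names are hypothetical.
SAMPLE_SCRIPTS = {
    "color-filter": "return doc['color'].value =~ /^gr[ae]y$/;",
    "host-filter": "if (doc['host'].value =~ /.*internal/) { return true; } return false;",
    "tag-filter": "return doc['tag'].value ==~ /prod-[0-9]+/;",
    "no-regex": "return doc['bytes'].value > 1024;",
}

if __name__ == "__main__":
    for name, found in audit_scripts(SAMPLE_SCRIPTS).items():
        for f in found:
            status = ", ".join(f["issues"]) or "ok"
            print(f"{name}: {f['operator']} /{f['pattern']}/ -> {status}")
```

Scripts that come back with issues are the ones to review before deciding whether regex needs to stay enabled on the cluster.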

script.painless.regex.enabled: false