_ingest processor

Zachary_Buckholz · April 27, 2017, 6:46pm

I am attempting to do what I think should be a simple ingest processor pipeline.

From filebeat I am doing the following

{
"description": "OpenAM Authentication Access Logging",
"processors": [{
"set" : {
"field": "type",
"value": "amAuthentication.access_pipeline"
},
"split": {
"field": "message",
"separator": "\t"
},
"set": {
"field": "openam.data",
"value": "{{message.1}}"
}
}
],
"on_failure": [
{
"set": {
"field": "error",
"value": "{{ _ingest.on_failure_message }}"
}
}
]
}

But my value in elasticsearch is

"openam": {
"data": ""
},

How can I access the individual array elements of the initial split?

Thanks
Zach

warkolm · April 28, 2017, 8:04am

What value is this?

Zachary_Buckholz · April 28, 2017, 1:51pm

I was hoping it would be the first element of the array returned from the split processor run on the message field.

system · May 26, 2017, 1:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Processor -> split -> set array.element? Beats filebeat	3	1102	May 26, 2017
Access Field in Ingest-Pipeline Elasticsearch	6	633	June 3, 2019
Can the Ingest Attachment Processor Plugin extract array data? Elasticsearch	8	2764	January 18, 2017
Access processor information (name/fields) Elasticsearch	1	339	May 24, 2018
Is this expected behaviour of split processor in a pipeline? Elasticsearch	1	388	November 20, 2019

_ingest processor

Related topics