Create array with only one element

Elastic Stack Logstash
1

Hi,

I'm trying to create an array with only one element, so that I can add more elements to it later with elasticsearch action update and script.

When adding an array with two elements like this:
filter {
mutate {
add_field => {"path2" => ["%{path}","5"]}
}
}

I get an array element in elasticsearch like this:
"path2": [
"/path/to/my/file.txt",
"5"
]

But if I remove the "5" and write it like this:
add_field => {"path2" => ["%{path}"]}
I get a "path2" entry in elasticsearch which is not an array:
"path2":"/path/to/my/file.txt"

How can I create an array with only one element in it so that I can add elements to that array later?

2 
ruby { code => 'event.set("path2", [ event.get("path") ])' }
3

Thanks a lot! That worked perfectly.
Is it only possible to add an array with just one element through ruby code? Or is there a way to solve this without having to use the ruby filter plugin?

In case someone is trying to do the same as I do here's my full logstash config:

input {
    file {
        path => "/path/to/my/files/**/*.*"
    }
}

filter {
    grok {
	    #to match a csv file with two elements
        match => { "message" => "%{GREEDYDATA:field1}[;:]%{GREEDYDATA:field2}" }
    }
    ruby { code => 'event.set("path", [ event.get("path") ])' }

    fingerprint {
        method => "SHA1"
        concatenate_sources => "true"
        source => ["field1","field2"]
        key => ""
        target => "[@metadata][fingerprint]"
    }
}

output {
    elasticsearch {
        hosts => "http://elasticsearch:9200"
        document_id => "%{[@metadata][fingerprint]}"
        index => "test-duplicate"
        action => "update"
        doc_as_upsert => "true"
        script => 'ctx._source.path.add("%{path}");'
    }
}

This config will update "path" with an array of elements where the combination of field1 and field2 are duplicate with something that's already saved in elasticsearch.