I have a Json array of strings. I want to find the one entry that starts with “xx” and create a new field with it as the value. The text after “xx” can vary.
Not sure how to use the dissect directive on an array of strings to do this.
Example Json log:
{“array”:[“blah”, “not this”, “xxThis”,”not this either”]}
Result:
{“array”:[“blah”, “not this”, ”not this either”], “new_field”:”xxThis”}
Thanks
I would do that in a ruby filter. I have not tested it but something like
ruby {
code => '
a = event.get("array")
if a
a.each { |x|
if x =~ /^xx/
event.set("new_field", x)
end
}
end
'
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.