Good day. We use elasticsearch 6.7.1 and Ingest API for receiving logs from filebeats.
We set this pipeline (some processors removed for clarity):
{
"description": "balancer pipeline",
"processors": [
{
"split": {
"field": "upstream_header_time",
"separator": ",\\s+",
"target_field": "upstream_header_time_new",
"ignore_failure" : true
}
}
]
In Kibana I see this
upstream_header_time and upstream_header_time_new don't differ becasue split processor this way works (I think he works like that:) ) - on exit it creates two numbers, which comma separated.
It's OK.
Then I want add new processor to this pipeline, which summarizes this two numbers. I think processor script with painless language can help me. But I lack knowledge.
I guess such steps:
- field upstream_header_time_new transform to list
- summ two elements in list
I try add this processor to pipeline, but it didnt work (syntax error):
{
"script": {
"lang": "painless",
"source": """
String[] headerSplit = split(ctx.upstream_header_time_new, char ",");
ctx.field_new = (headerSplit[0] + headerSplit[1]);
"""
}
}
Can anyone help?