Hi,
I am trying to concatenate fields inside an array. For example,
event_data => {
param1 => "request",
param2 => "is signing off"
}
And fields inside event_data may vary. For example it may be param1,param2,param3 and so on. I am trying to comcatenate all the fields(no matter how many fields)into a single field. Can someone please help me on this?
Thanks
That's not an array, it's a hash or an object depending on which terminology you want to stick to.
You'll have to use a ruby filter. If you don't care about the names of the keys, just the values, this piece of Ruby should work:
event.set('some-field-name', event.get('event_data').values.sort.join(','))Thanks Magnus, will try it. But how to know whether Ruby(for that matter any plugin) is supported or not on my installed Logstash? And if not supported, how to install the plugin?
The logstash-plugin command can e.g. list installed plugins and install new ones.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.