i have tried this block without success
i haven't find a proper way how to use wildcards
filter {
if [fieldname] =~ /^STAGED.*/ {
mutate {
convert => {"[fieldname]" => "integer"}
}
}
}
You would need to use a ruby filter. If the fields are all at the top-level, like
{ "Foo.1": "1", "Bar.1": "1", "Bar.2": "a", "Baz.1": "1" }
then you could use
ruby {
code => '
event.to_hash.each { |k, v|
if k.start_with?("Bar")
event.set(k, v.to_i)
end
}
'
}
which produces
"Baz.1" => "1",
"Bar.2" => 0,
"Bar.1" => 1,
"Foo.1" => "1",
If you need to iterate through the fields of the events, as you would for
{ "anArray": [ { "Foo.1": "1", "Bar.1": "1" }, { "Foo.1": "1", "Bar.1": "1" } ] }
you could try something like
ruby {
init => '
def doSomething(object, name, keys, event)
puts "doSomething called for #{name}"
if object
if object.kind_of?(Hash) and object != {}
object.each { |k, v| doSomething(v, "#{name}[#{k}]", keys, event) }
elsif object.kind_of?(Array) and object != []
object.each_index { |i|
doSomething(object[i], "#{name}[#{i}]", keys, event)
}
else
# name is something like "[anArray][0][Bar.1]"
lastElement = name.gsub(/^.*\[/, "").gsub(/\]$/, "")
if lastElement.start_with? "Bar"
event.set(name, object.to_i)
end
end
end
end
'
code => '
event.to_hash.each { |k, v|
doSomething(v, "[#{k}]", @field, event)
}
'
}
which produces
"anArray" => [
[0] {
"Bar.1" => 1,
"Foo.1" => "1"
},
[1] {
"Bar.1" => 1,
"Foo.1" => "1"
}
],i have a key value file.
STAGED_stage1=34534
STAGED_stage2=2456
STAGED_stage3=6245
STAGED_stage4=45678
i need to scan the file for every key starting with STAGED and change it to integer
OK, so the first solution should work for you.
god dammit it worked!!!!!!!!!!
can i ask another question?
if i need to add or like
if X or Y or Z how can i do this in ruby?
thank you so much for your help i really appriciate it!!!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.