Hi all, I'm on Elastic 7.10.2, and I noticed a problem with my processing. Some incoming data has tried to set a field using a sprintf string, but the sprintf expression did not result in a replacement, so I'm left with a field that contains an uninterpolated string. This is resulting in Elasticsearch complaining because there is no pipeline with a name of (literally) %{[@metadata][pipeline]}
(I should point out that this is not a standard Elastic deployment, so please just take it as given that normally there would normally be a [@metadata][pipeline], but some beats (in this case Journalbeat) doesn't set one, which exposed an issue from earlier in my processing.
I'm trying to create a filter to clean up such cases, but to do that I need to compare something with ${[@metadata][pipeline]} (there are some other examples too). Problem is, I can't seem to escape this so I get a literal sequence of '$' '{' ...
I'm going to fix this properly in my upstream processing, but it seems like something that would useful to know how to do.
Any clues?
Things I've tried:
\%%%- single quotes
None appear to have worked, and I do have config.support_escapes set to true.
I do have a regular expression of =~ /^%/ that works, but I don't think =~ /%{/ worked. Would be nice to have something faster than a regex for such a simple thing.
Cheers,
Cameron