OK, well it turns out kv handles an array on input, so you can do
kv { source => "[message]" target => "[foo]" field_split => "," }
If you then want to have the arrays inverted, you could do that in ruby using something like this.