HTTP Filter With Array

wwalker · July 19, 2019, 3:19am

I have a field, assigned_to_current, that occasionally contains an array of values. I want to pass each of these values to the HTTP filter and then have it replace each value with the http result value. I guess like the translate filter...but with an API call. Below is what I am doing with the field and it works great with single values. How can I adapt this to work with a field that may contain an array of values?

  if [assigned_to_current] and [assigned_to_current] != "" and [assigned_to_current] != "guest" {
    http {
      headers => {
        "Authorization" => "12345"
        "Content-Type" => "application/json"
      }
      verb => "GET"
      url => "https://example.com/api/sys_user/%{[assigned_to_current]}"
      target_body => assigned_to_lookup
    }
    mutate { replace => { "assigned_to_current" => "%{[assigned_to_lookup][result][user_name]}" } }
  }
  else if ![assigned_to_current] or [assigned_to_current] == "" { mutate { replace => { "assigned_to_current" => "unassigned" } } }

Badger · July 19, 2019, 1:05pm

If there is a very limited number of entries in the array you could duplicate the section and replace [assigned_to_current] with [assigned_to_current][0] in one duplicate and [assigned_to_current][1] in the other. Otherwise you could use a split filter to break the array into multiple events. Otherwise, use a ruby filter with .each and implement the HTTP call yourself.

system · August 16, 2019, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Http filter for each array item Logstash	2	1149	January 16, 2020
I would like to access nested data from an array Logstash	7	7597	February 15, 2017
Modify values in json array with Ruby Logstash	5	1072	July 7, 2022
RUBY Filter to event.set each entity in an Array Logstash	3	4509	August 18, 2021
Ruby Filter to Add Multiple Values to a Field Logstash	3	2332	July 18, 2019

HTTP Filter With Array

Related Topics