Ingest: foreach + grok processor - how to write result into an array?

Elastic Stack Elasticsearch
1

Hi,
I'm trying to use grok processor within a foreach processor, but I'm failing. I don't know how to write new sub-fields in grok processor.

Example document:

{
     "f": ["a 1", "b 2"]
}

Wanted result:

{
     "f": ["a 1", "b 2"],
     "f.word": ["a", "b"],
     "f.number": [1, 2]
 }

Or:

{
    "f": [
            {"word": "a",
             "number": 1},
            {"word": "b",
              "number": 2}
           ]
}

Is something like this achievable? Thanks...

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.